CVE-2019-19959 – sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames
https://notcve.org/view.php?id=CVE-2019-19959
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. El archivo ext/misc/zipfile.c en SQLite versión 3.30.1, maneja inapropiadamente ciertos usos de INSERT INTO en situaciones que involucran caracteres "\0" insertados en los nombres de archivo, conllevando a un error de administración de memoria que puede ser detectado por valgrind (por ejemplo). • https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1 https://security.netapp.com/advisory/ntap-20200204-0001 https://usn.ubuntu.com/4298-1 https://www.oracle.com/security-alerts/cpuapr2020.html https://access.redhat.com/security/cve/CVE-2019-19959 https://bugzilla.redhat.com/show_bug.cgi?id=1789595 • CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVE-2020-5310 – python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode
https://notcve.org/view.php?id=CVE-2020-5310
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. El archivo libImaging/TiffDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de enteros de la decodificación TIFF, relacionado con realloc. • https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html https://usn.ubuntu.com/4272-1 https://access.redhat.com/security/cve/CVE-2020-5310 https://bugzilla.redhat.com/show_bug.cgi?id& • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2020-5311 – python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c
https://notcve.org/view.php?id=CVE-2020-5311
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. El archivo libImaging/SgiRleDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de búfer de SGI. An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system. • https://access.redhat.com/errata/RHSA-2020:0566 https://access.redhat.com/errata/RHSA-2020:0580 https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html https://usn.ubuntu.com/4272-1 h • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2020-5312 – python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c
https://notcve.org/view.php?id=CVE-2020-5312
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. El archivo libImaging/PcxDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de búfer en modo PCX P. A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system. • https://access.redhat.com/errata/RHSA-2020:0566 https://access.redhat.com/errata/RHSA-2020:0578 https://access.redhat.com/errata/RHSA-2020:0580 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://access.redhat.com/errata/RHSA-2020:0694 https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-5313 – python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images
https://notcve.org/view.php?id=CVE-2020-5313
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. El archivo libImaging/FliDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de búfer de FLI. An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to read. • https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html https://usn.ubuntu.com/4272-1 https://www.debian.org/security/2020/dsa-4631 https://access.redhat.com/security/cve/CVE-2020-5 • CWE-125: Out-of-bounds Read •