CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-13283
https://notcve.org/view.php?id=CVE-2019-13283
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. En Xpdf versión 4.01.01, se podría desencadenar una lectura excesiva del búfer en la región heap de la memoria en la función strncpy desde FoFiType1::parse en fofi/FoFiType1.cc porque no garantiza que la cadena de origen tenga una longitud válida antes de realizar una copia de longitud fija. Por ejemplo, puede activarse enviando un documento PDF elaborado a la herramienta pdftotext. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-13282
https://notcve.org/view.php?id=CVE-2019-13282
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. In Xpdf versión 4.01.01, se podría desencadenar una lectura excesiva del búfer en la región heap de la memoria en la función en SampledFunction::transform en Function.cc cuando se utiliza un índice grande para muestras. Por ejemplo, puede activarse enviando un documento PDF elaborado a la herramienta pdftotext. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-13281
https://notcve.org/view.php?id=CVE-2019-13281
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact. En Xpdf versión 4.01.01, se podría desencadenar una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en DCTStream::decodeImage() en Stream.cc cuando se escribe en la memoria frameBuf. Esto puede, por ejemplo, activarse mediante el envío de un documento PDF especialmente diseñado para la herramienta pdftotext tool. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13226
https://notcve.org/view.php?id=CVE-2019-13226
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system. deepin-clone anterior a versión 1.1.3, usa una ruta predecible /tmp/.deepin-clone/mount/ en la función Helper::temporaryMountDevice() para montar temporalmente un sistema de archivos como root. Un usuario sin privilegios puede preparar un enlace simbólico en esta ubicación para que el sistema de archivos sea montado en una ubicación arbitraria. Al ganar una condición de carrera, el atacante también puede ingresar al punto de montaje, lo que impide un desmontaje posterior del sistema de archivos. • http://www.openwall.com/lists/oss-security/2019/07/04/1 https://bugzilla.suse.com/show_bug.cgi?id=1130388 https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCHGRJV5CWTMYEE5B5C2FNMCFVP45S7H • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2019-7165
https://notcve.org/view.php?id=CVE-2019-7165
A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code. Un desbordamiento de búfer en DOSBox versión 0.74-2 permite a los atacantes ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00053.html https://lists.debian.org/debian-lts-announce/2019/07/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYV27Z3QZTDHUZJLW3LDJYO7HBVIMJ5F https://seclists.org/bugtraq/2019/Jul/14 https://security-tracker.debian.org/tracker/CVE-2019-7165 https://www.debian.org/security/2019/dsa-4478 https://www.dosb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •