CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 3CVE-2022-28506
https://notcve.org/view.php?id=CVE-2022-28506
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. Se presenta un desbordamiento del búfer de la pila en la función DumpScreen2RGB() de GIFLIB versión 5.2.1 en gif2rgb.c:298:45 • https://github.com/verf1sh/Poc/blob/master/asan_report_giflib.png https://github.com/verf1sh/Poc/blob/master/giflib_poc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4CJSHXBD2RS5OJNWSHQZVMTQCCTIPYS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEAFUZXOOJJVFYRQM6IIJ7LMLEKCCESG https://sourceforge.net/p/giflib/bugs/159 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2022-27404 – FreeType: Buffer overflow in sfnt_init_face
https://notcve.org/view.php?id=CVE-2022-27404
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. Se ha detectado que el commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f de FreeType contenía un desbordamiento del búfer de la pila por medio de la función sfnt_init_face A heap buffer overflow flaw was found in Freetype’s sfnt_init_face() function in the sfobjs.c file. The vulnerability occurs when creating a face with a strange file and invalid index. This flaw allows an attacker to read a small amount of memory, causing the application to crash. • https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27405 – FreeType: Segmentation violation via FNT_Size_Request
https://notcve.org/view.php?id=CVE-2022-27405
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. Se ha detectado que el commit 53dfdcd8198d2b3201a23c4bad9190519ba918db de FreeType contenía una violación de segmentación por medio de la función FNT_Size_Request A segmentation fault was found in the FreeType library. This flaw allows an attacker to attempt access to a memory location in a way that could cause an application to halt or crash, leading to a denial of service. • http://freetype.com https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-125: Out-of-bounds Read CWE-824: Access of Uninitialized Pointer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27406 – Freetype: Segmentation violation via FT_Request_Size
https://notcve.org/view.php?id=CVE-2022-27406
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. Se ha detectado que el commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 de FreeType contenía una violación de segmentación por medio de la función FT_Request_Size A segmentation fault was found in FreeType’s FT_Request_Size() function in the ftobjs.c file. This flaw allows an attacker to access a memory location in a way that could cause an application to halt or crash, leading to a denial of service. • http://freetype.com https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-125: Out-of-bounds Read CWE-824: Access of Uninitialized Pointer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-29536
https://notcve.org/view.php?id=CVE-2022-29536
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. En GNOME Epiphany versiones anteriores a 41.4 y versiones 42.x anteriores a 42.2, un documento HTML puede desencadenar un desbordamiento del búfer del cliente (en ephy_string_shorten en el proceso de la interfaz de usuario) por medio de un título de página largo. El problema es producido porque el número de bytes para un carácter de elipsis UTF-8 no es considerado apropiadamente • https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106 https://lists.debian.org/debian-lts-announce/2022/08/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLLDMY4JYDZTMZSCPSY23K5YW3SQYUR6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7YWVIUGFRA6GOE3QAPSJJ6EL3DJG5NX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5K5UPNHVWXDPSMBNSB2645MD2N5CXQS https://www.debian.org/security/ • CWE-787: Out-of-bounds Write •