Page 104 of 703 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-28048

https://notcve.org/view.php?id=CVE-2022-28048

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. Se ha detectado que STB versión v2.27, contiene un desplazamiento de enteros de tamaño no válido en el componente stbi__jpeg_decode_block_prog_ac • https://github.com/nothings/stb/issues/1293 https://github.com/nothings/stb/pull/1297 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R • CWE-682: Incorrect Calculation •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 1

CVE-2022-28041

https://notcve.org/view.php?id=CVE-2022-28041

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Se ha detectado que stb_image.h versión v2.27, contiene un desbordamiento de enteros por medio de la función stbi__jpeg_decode_block_prog_dc. Esta vulnerabilidad permite a atacantes causar una Denegación de Servicio (DoS) por medio de vectores no especificados • https://github.com/nothings/stb/issues/1292 https://github.com/nothings/stb/pull/1297 https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G6JJJQ5JABTPF5H2L5FQGLILYLIGPW6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52ZIQAFEG7A6TO526OJ7OA4GSEZQ2WEG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN https: • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-28042

https://notcve.org/view.php?id=CVE-2022-28042

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Se ha detectado que stb_image.h versión v2.27, contenía un uso de memoria previamente liberada en la región heap de la memoria por medio de la función stbi__jpeg_huff_decode • https://github.com/nothings/stb/issues/1289 https://github.com/nothings/stb/pull/1297 https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2022-1328 – mutt: buffer overflow in uudecoder function

https://notcve.org/view.php?id=CVE-2022-1328

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line Un Desbordamiento del Búfer en uudecoder en Mutt afectando a todas las versiones a partir de 0.94.13 antes de 2.2.3 permite leer más allá del final de la línea de entrada A flaw was found in mutt. When reading unencoded messages, mutt uses the line length from the untrusted input without any validation. This flaw allows an attacker to craft a malicious message, which leads to an out-of-bounds read, causing data leaks that include fragments of other unrelated messages. In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replys, for example fragments of other messages, passphrases or keys. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 https://gitlab.com/muttmua/mutt/-/issues/404 https://access.redhat.com/security/cve/CVE-2022-1328 https://bugzilla.redhat.com/show_bug.cgi?id=2076058 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-24828 – Missing input validation can lead to command execution in composer

https://notcve.org/view.php?id=CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. • https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709 https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/625MT3IKWKFVIWLSYZFSXHVUA2LES7YQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWT6LDSRY7SFMTDZWJ4MS2ZBXHL7VQEF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QD7JQWL6C4GVROO25DTXWYWM6BPOPPCG https://www.tenable.com& • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •