CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20298
https://notcve.org/view.php?id=CVE-2021-20298
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en B44Compressor de OpenEXR. Este fallo permite a un atacante que puede enviar un archivo diseñado para ser procesado por OpenEXR, agotar toda la memoria accesible a la aplicación. • https://access.redhat.com/security/cve/CVE-2021-20298 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913 https://bugzilla.redhat.com/show_bug.cgi?id=1939156 https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97 https://github.com/AcademySoftwareFoundation/openexr/pull/843 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35511
https://notcve.org/view.php?id=CVE-2020-35511
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file. Se ha detectado un desbordamiento de búfer global en la función pngcheck en pngcheck versión 2.4.0 (5 parches aplicados) por medio de un archivo png diseñado. • http://www.libpng.org/pub/png/apps/pngcheck.html https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html https://www.debian.org/security/2022/dsa-5300 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2946 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-2946
Use After Free in GitHub repository vim/vim prior to 9.0.0246. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0.0246. • https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD https://security.gentoo.org/glsa/202305-16 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-27792 – Ghostscript: heap buffer over write vulnerability in ghostscript's lp8000_print_page() in gdevlp8k.c
https://notcve.org/view.php?id=CVE-2020-27792
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. Se encontró una vulnerabilidad de escritura excesiva en el búfer en la región heap de la memoria en la función lp8000_print_page() de GhostScript en el archivo gdevlp8k.c. Un atacante podría engañar a un usuario para que abriera un archivo PDF diseñado, desencadenando el desbordamiento del búfer de la pila que podría conllevar la corrupción de la memoria o una denegación de servicio. • https://access.redhat.com/security/cve/CVE-2020-27792 https://bugs.ghostscript.com/show_bug.cgi?id=701844 https://bugzilla.redhat.com/show_bug.cgi?id=2247179 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7 https://lists.debian.org/debian-lts-announce/2022/09/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-32893 – Apple iOS and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-32893
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. • http://seclists.org/fulldisclosure/2022/Aug/16 http://seclists.org/fulldisclosure/2022/Oct/49 http://www.openwall.com/lists/oss-security/2022/08/25/5 http://www.openwall.com/lists/oss-security/2022/08/26/2 http://www.openwall.com/lists/oss-security/2022/08/29/1 http://www.openwall.com/lists/oss-security/2022/08/29/2 http://www.openwall.com/lists/oss-security/2022/09/02/10 http://www.openwall.com/lists/oss-security/2022/09/13/1 https://lis • CWE-787: Out-of-bounds Write •