CVE-2019-18804
https://notcve.org/view.php?id=CVE-2019-18804
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. DjVuLibre versión 3.5.27, presenta una desreferencia del puntero NULL en la función DJVU::filter_fv en el archivo IW44EncodeCodec.cpp. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00069.html https://github.com/TeamSeri0us/pocs/blob/master/djvulibre/DJVU__filter_fv%40IW44EncodeCodec.cpp_499-43___SEGV_UNKNOW.md https://lists.debian.org/debian-lts-announce/2019/11/msg00004.html https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AW • CWE-476: NULL Pointer Dereference •
CVE-2019-18786
https://notcve.org/view.php?id=CVE-2019-18786
In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. En el kernel de Linux versiones hasta 5.3.8, f->fmt.sdr.reserved no se inicializa en la función rcar_drif_g_fmt_sdr_cap en el archivo drivers/media/platform/rcar_drif.c, lo que podría causar un problema de divulgación de memoria. • https://patchwork.linuxtv.org/patch/59542 https://usn.ubuntu.com/4284-1 https://usn.ubuntu.com/4285-1 https://usn.ubuntu.com/4287-1 https://usn.ubuntu.com/4287-2 • CWE-908: Use of Uninitialized Resource •
CVE-2019-18683
https://notcve.org/view.php?id=CVE-2019-18683
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. • https://github.com/sanjana123-cloud/CVE-2019-18683 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/11/05/1 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com https://seclists.org/bugtraq/2020/Jan/10 https://security.net • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2019-15790 – Apport reads PID files with elevated privileges
https://notcve.org/view.php?id=CVE-2019-15790
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. • http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html https://bugs.launchpad.net/apport/+bug/1854237 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806 https://usn.ubuntu.com/4171-1 https://usn.ubuntu.com/4171-2 https://usn.ubuntu.com/4171-3 https://usn.ubuntu.com/4171-4 https://usn.u • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2019-11483
https://notcve.org/view.php?id=CVE-2019-11483
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos detectó que Apport manejó inapropiadamente los vertederos accidentales procedentes de contenedores. Esto podría ser utilizado por un atacante local para generar un reporte de bloqueo para un proceso privilegiado que pueda ser leído por un usuario no privilegiado. • https://usn.ubuntu.com/usn/usn-4171-1 https://usn.ubuntu.com/usn/usn-4171-2 •