CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-5311 – python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c
https://notcve.org/view.php?id=CVE-2020-5311
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. El archivo libImaging/SgiRleDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de búfer de SGI. An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system. • https://access.redhat.com/errata/RHSA-2020:0566 https://access.redhat.com/errata/RHSA-2020:0580 https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html https://usn.ubuntu.com/4272-1 h • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2020-5312 – python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c
https://notcve.org/view.php?id=CVE-2020-5312
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. El archivo libImaging/PcxDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de búfer en modo PCX P. A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system. • https://access.redhat.com/errata/RHSA-2020:0566 https://access.redhat.com/errata/RHSA-2020:0578 https://access.redhat.com/errata/RHSA-2020:0580 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://access.redhat.com/errata/RHSA-2020:0694 https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-5313 – python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images
https://notcve.org/view.php?id=CVE-2020-5313
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. El archivo libImaging/FliDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de búfer de FLI. An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to read. • https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html https://usn.ubuntu.com/4272-1 https://www.debian.org/security/2020/dsa-4631 https://access.redhat.com/security/cve/CVE-2020-5 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-5395 – fontforge: out-of-bounds write in SFD_GetFontMetaData function in sfd.c
https://notcve.org/view.php?id=CVE-2020-5395
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. FontForge versión 20190801, tiene un uso de la memoria previamente liberada de la función SFD_GetFontMetaData en el archivo sfd.c. An out-of-bounds write was discovered in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw allows an attacker to overwrite data before a buffer allocated on the heap, thus causing the application to crash or execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html https://github.com/fontforge/fontforge/issues/4084 https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2S75EAVF4KPCH3WFBMZADUAU7EAXA7ZQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6PKVQLBKIO7LQPDXB3MKI5I6AMDCN6 https://security.gentoo.org/glsa/202004-14 https://access.redhat.com/security/cve&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-20176
https://notcve.org/view.php?id=CVE-2019-20176
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. En Pure-FTPd versión 1.0.49, Se descubrió un problema de agotamiento de la pila en la función listdir en el archivo ls.c. • https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV • CWE-400: Uncontrolled Resource Consumption •