Page 122 of 1833 results (0.048 seconds)

CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. En GNOME GLib 2.56.1, g_markup_parse_context_end_parse() en gmarkup.c tiene una desreferencia de puntero NULL. • http://www.openwall.com/lists/oss-security/2020/02/14/3 http://www.securityfocus.com/bid/105210 https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9 https://gitlab.gnome.org/GNOME/glib/issues/1364 https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html https://usn.ubuntu.com/3767-1 https://usn.ubuntu.com/3767-2 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. Little CMS (también conocido como Little Color Management System) 2.9 tiene un desbordamiento de enteros en la función AllocateDataSet en cmscgats.c que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función SetData mediante un archivo manipulado en el segundo argumento en cmsIT8LoadFromFile. • https://access.redhat.com/errata/RHSA-2018:3004 https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8 https://github.com/mm2/Little-CMS/issues/171 https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html https://security.gentoo.org/glsa/202105-18 https://usn.ubuntu.com/3770-1 https://usn.ubuntu.com/3770-2 https://www.debian.org/security/2018/dsa-4284 https://access.redhat.com/security/cve/CVE-2018-16435 https://bugzilla.redhat.com/sh • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). GNOME GLib 2.56.1 tiene una vulnerabilidad de lectura fuera de límites en g_markup_parse_context_parse() en gmarkup.c, relacionada con utf8_str(). • https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b https://gitlab.gnome.org/GNOME/glib/issues/1361 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html https://usn.ubuntu.com/3767-1 https://usn.ubuntu.com/3767-2 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. Exiv2::Internal::PngChunk::parseTXTChunk en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap) mediante un archivo de imagen manipulado. Esta vulnerabilidad es diferente de CVE-2018-10999. • https://github.com/Exiv2/exiv2/issues/400 https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html https://usn.ubuntu.com/3852-1 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 29%CPEs: 7EXPL: 1

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. ReadXBMImage en coders/xbm.c en ImageMagick en versiones anteriores a la 7.0.8-9 deja los datos sin inicializar al procesar un archivo XBM que tiene un valor de pixel negativo. Si el código afectado se emplea como biblioteca cargada en un proceso que incluye información sensible, esa información a veces puede filtrarse mediante los datos de imagen. ImageMagick versions prior to 7.0.8-9 suffers from a memory leak vulnerability. • https://www.exploit-db.com/exploits/45890 https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786 https://usn.ubuntu.com/3785-1 https://usn.ubuntu.com/4034-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •