CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1000100
https://notcve.org/view.php?id=CVE-2018-1000100
06 Mar 2018 — GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE. GPAC MP4Box, en versiones 0.7.1 y anteriores, contiene una vulnerabilidad de desbordamiento de búfer en las líneas 2417 a 2420 de src/isomedia/avc_ext.cque puede resultar en la modificación de fragme... • https://github.com/gpac/gpac/issues/994 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 2CVE-2018-7456 – libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service
https://notcve.org/view.php?id=CVE-2018-7456
24 Feb 2018 — A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) Una desreferencia d... • http://bugzilla.maptools.org/show_bug.cgi?id=2778 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6954
https://notcve.org/view.php?id=CVE-2018-6954
13 Feb 2018 — systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. systemd-tmpfiles en systemd, hasta 237, gestiona de manera incorrecta los vínculos simbólicos presentes en componentes de ruta no terminales. Esto per... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2017-17669
https://notcve.org/view.php?id=CVE-2017-17669
13 Dec 2017 — There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. Existe una sobrelectura de búfer basada en memoria dinámica (heap) en la función Exiv2::Internal::PngChunk::keyTXTChunk de pngchunk_int.cpp en la versión 0.26 de Exiv2. Un archivo PNG manipulado conducirá a un ataque remoto de denegación de servicio. • https://github.com/Exiv2/exiv2/issues/187 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2017-15873
https://notcve.org/view.php?id=CVE-2017-15873
24 Oct 2017 — The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. La función get_next_block en archival/libarchive/decompress_bunzip2.c en BusyBox 1.27.2 tiene un desbordamiento de enteros que puede provocar una infracción de acceso de escritura. • https://bugs.busybox.net/show_bug.cgi?id=10431 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 2CVE-2017-15298
https://notcve.org/view.php?id=CVE-2017-15298
14 Oct 2017 — Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. Git, en versiones hasta la 2.14.2 gestiona de manera incorrecta capas de objetos tipo árbol, lo que permite que atacantes remotos provoquen una denegación ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2017-2888
https://notcve.org/view.php?id=CVE-2017-2888
11 Oct 2017 — An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de enteros cuando se crea una nueva superficie RGB en SDL 2.0.5. Un archivo especialmente manipulado pue... • http://www.securityfocus.com/bid/101215 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2017-14864
https://notcve.org/view.php?id=CVE-2017-14864
28 Sep 2017 — An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. Se ha descubierto una desreferencia de dirección de memoria inválida en la función Exiv2::getULong en types.cpp en la versión 0.26 de Exiv2. Esta vulnerabilidad causa un error de segmentación y el cierre inesperado de la aplicación, lo que da lugar a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1494467 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2017-14859
https://notcve.org/view.php?id=CVE-2017-14859
28 Sep 2017 — An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. Se ha descubierto una desreferencia de dirección de memoria inválida en la función Exiv2::StringValueBase::read en value.cpp en la versión 0.26 de Exiv2. Esta vulnerabilidad causa un error de segmentación y el cierre inesperado de la aplicación, lo que da lugar a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1494780 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2017-14862
https://notcve.org/view.php?id=CVE-2017-14862
28 Sep 2017 — An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. Se ha descubierto una desreferencia de dirección de memoria inválida en la función Exiv2::DataValue::read en value.cpp en la versión 0.26 de Exiv2. Esta vulnerabilidad causa un error de segmentación y el cierre inesperado de la aplicación, lo que da lugar a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1494786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •