CVSS: 8.1EPSS: 1%CPEs: 11EXPL: 1CVE-2018-20547
https://notcve.org/view.php?id=CVE-2018-20547
28 Dec 2018 — There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. Hay un acceso de LECTURA ilegal en la memoria en caca/dither.c (función get_rgba_default) en libcaca 0.99.beta19 para los datos 24bpp. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-20548 – Ubuntu Security Notice USN-3860-1
https://notcve.org/view.php?id=CVE-2018-20548
28 Dec 2018 — There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. Hay un acceso de ESCRITURA ilegal en la memoria en common-image.c (función load_image) en libcaca 0.99.beta19 para los datos 1bpp. It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. It was discovered that libcaca incorrectly handled certain images. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1CVE-2018-20549
https://notcve.org/view.php?id=CVE-2018-20549
28 Dec 2018 — There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. Hay un acceso de ESCRITURA ilegal en la memoria en caca/file.c (función caca_file_read) en libcaca 0.99.beta19. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 1CVE-2018-19539
https://notcve.org/view.php?id=CVE-2018-19539
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una violación de acceso en la función jas_image_readcmpt en libjasper/base/jas_image.c, provocando una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 1CVE-2018-19542 – Ubuntu Security Notice USN-4688-1
https://notcve.org/view.php?id=CVE-2018-19542
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una desreferencia de puntero NULL en la función jp2_decode en libjasper/jp2/jp2_dec.c, provocando una denegación de servicio (DoS). It was discovered that Jasper incorrectly certain files. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-18521 – elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c
https://notcve.org/view.php?id=CVE-2018-18521
19 Oct 2018 — Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. Vulnerabilidades de división entre cero en la función arlib_add_symbols() en arlib.c en elfutils 0.174 permiten que los atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) con un archivo ELF manipulado, tal y... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-18520 – elfutils: eu-size cannot handle recursive ar files
https://notcve.org/view.php?id=CVE-2018-18520
19 Oct 2018 — An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. Existe una desreferencia de dirección de memoria inválida en la función elf_end en elfutils hasta la versión v0.174. Aunque se supone que eu-size sopo... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-18310 – elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl
https://notcve.org/view.php?id=CVE-2018-18310
15 Oct 2018 — An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. Se ha descubierto una desreferencia de dirección de memoria inválida en dwfl_segment_report_module.c en libdwfl en elfutils 0.4.8 hasta la versión v0.174. La vulnerabilidad permite que los atacantes provoquen una denegación de servicio (cierre ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 1CVE-2018-16402 – elfutils: Double-free due to double decompression of sections in crafted ELF causes crash
https://notcve.org/view.php?id=CVE-2018-16402
03 Sep 2018 — libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. libelf/elf_end.c en elfutils 0.173 permite que atacantes remotos provoquen una denegación de servicio (doble liberación y cierre inesperado de la aplicación) o, probablemente, cualquier otro tipo de problema debido a que trata de descomprimir dos veces. The elfutils packages contain a number of utility prog... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2018-16062 – elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file
https://notcve.org/view.php?id=CVE-2018-16062
29 Aug 2018 — dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. dwarf_getaranges en dwarf_getaranges.c en libdw en elfutils en versiones anteriores al 18/08/2018 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap) mediante un archivo manipulado. An out-of-bounds read was discovered in elfutils in the way it reads DWARF a... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-125: Out-of-bounds Read •