CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3561
https://notcve.org/view.php?id=CVE-2021-3561
An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. Se encontró un fallo Fuera de Límites en fig2dev versión 3.2.8a. Una comprobación de límites fallida en la función read_objects() podría permitir a un atacante proporcionar una entrada maliciosa diseñada que haga a la aplicación bloquearse o, en algunos casos, causar una corrupción en la memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=1955675 https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C44WSY5KAQXC3Y2NMSVXXZS3M5U5U2E6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKMOIQX6GULVSYXLYW5JQY6KJNTWV3E4 https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9 https://sourceforge.net/p/mcj/tickets/116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-20196 – QEMU: block: fdc: null pointer dereference may lead to guest crash
https://notcve.org/view.php?id=CVE-2021-20196
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo de desreferencia de puntero NULL en el emulador floppy disk de QEMU. • https://bugs.launchpad.net/qemu/+bug/1912780 https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210708-0004 https://www.openwall.com/lists/oss-security/2021/01/28/1 https://access.redhat.com/security/cve/CVE-2021-20196 https://bugzilla.redhat.com/show_bug.cgi?id=1919210 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3527
https://notcve.org/view.php?id=CVE-2021-3527
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. Se encontró un fallo en el dispositivo redirector USB (usb-redir) de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1955695 https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210708-0008 https://www.openwall.com/lists/oss-security/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-22028
https://notcve.org/view.php?id=CVE-2020-22028
Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. Se presenta una vulnerabilidad de Desbordamiento del Búfer en FFmpeg versión 4.2 en la función filter_vertically_8 en el archivo libavfilter/vf_avgblur.c, que podría causar una Denegación de Servicio remota • https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html https://trac.ffmpeg.org/ticket/8274 https://www.debian.org/security/2021/dsa-4990 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-22026
https://notcve.org/view.php?id=CVE-2020-22026
Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. Se presenta una vulnerabilidad de Desbordamiento del Búfer en FFmpeg versión 4.2, en la función config_input en el archivo libavfilter/af_tremolo.c, que podría permitir a un usuario malicioso remoto causar una Denegación de Servicio • https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html https://trac.ffmpeg.org/ticket/8317 https://www.debian.org/security/2021/dsa-4990 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •