CVE-2021-45942
https://notcve.org/view.php?id=CVE-2021-45942
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022
https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e
https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0
https://github.com/AcademySoftwareFoundation/openexr/pull/1209
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4
https://github.com/google/oss-fuzz-vulns
CWE-787: Out-of-bounds Write
CVE-2021-45930 – qt: out-of-bounds write may lead to DoS
https://notcve.org/view.php?id=CVE-2021-45930
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). A flaw was found in qtsvg's qsvghandler.cpp module. An attacker who is able to submit a crafted image file to an application that uses qsvghandler could cause an out-of-bounds write and potential denial of service to occur, depending on the application.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620
https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670
https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc
https://lists.debian.org/debian-lts-announce/2022/01/msg00020.html
https://lists
CWE-787: Out-of-bounds Write
CVE-2021-4183
https://notcve.org/view.php?id=CVE-2021-4183
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file.
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4183.json
https://gitlab.com/wireshark/wireshark/-/issues/17755
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ
https://security.gentoo.org/glsa/202210-04
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.wireshark.org/security/wn
CWE-125: Out-of-bounds Read
CVE-2021-4182
https://notcve.org/view.php?id=CVE-2021-4182
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4182.json
https://gitlab.com/wireshark/wireshark/-/issues/17801
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ
https://security.gentoo.org/glsa/202210-04
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.wireshark.org/security/wn
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-4186
https://notcve.org/view.php?id=CVE-2021-4186
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4186.json
https://gitlab.com/wireshark/wireshark/-/issues/17737
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT
https://lists.fedoraproject.org&
CWE-476: NULL Pointer Dereference