CVE-2022-1355 – libtiff: stack-buffer-overflow in tiffcp.c in main()
https://notcve.org/view.php?id=CVE-2022-1355
A stack buffer overflow flaw was found in libtiff's tiffcp.c in the main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow, possibly corrupting memory, and causing a crash that leads to a denial of service.
References:
https://access.redhat.com/security/cve/CVE-2022-1355
https://bugzilla.redhat.com/show_bug.cgi?id=2074415
https://gitlab.com/libtiff/libtiff/-/issues/400
https://gitlab.com/libtiff/libtiff/-/merge_requests/323
https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
https://security.gentoo.org/glsa/202210-10
https://security.netapp.com/advisory/ntap-20221014-0007
https://www.debian.org/security/2023/dsa-5333
Weaknesses:
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121: Stack-based Buffer Overflow
CVE-2022-2519 – libtiff: Double free or corruption in rotateImage() function at tiffcrop.c
https://notcve.org/view.php?id=CVE-2022-2519
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. A double-free flaw was found in the tiffcrop tool distributed with the libtiff tools package. The double-free issue leads to a denial of service, impacting availability.
References:
https://gitlab.com/libtiff/libtiff/-/issues/423
https://gitlab.com/libtiff/libtiff/-/merge_requests/378
https://www.debian.org/security/2023/dsa-5333
https://access.redhat.com/security/cve/CVE-2022-2519
https://bugzilla.redhat.com/show_bug.cgi?id=2122789
Weaknesses:
CWE-415: Double Free
CVE-2022-25857 – Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2022-25857
The package org.yaml:snakeyaml, versions from 0 and before 1.31, is vulnerable to Denial of Service (DoS) due to a missing nesting depth limitation for collections. A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to the missing nesting depth limitation for collections.
References:
https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174
https://bitbucket.org/snakeyaml/snakeyaml/issues/525
https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174
https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html
https://security.netapp.com/advisory/ntap-20240315-0010
https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360
https://access.redhat.com/security/cve/CVE-2022-25857
https://bugzilla.redhat.com/show_bug.cgi?id=2126789
Weaknesses:
CWE-400: Uncontrolled Resource Consumption
CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2022-38784 – poppler: integer overflow in JBIG2 decoder using malformed files
https://notcve.org/view.php?id=CVE-2022-38784
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
References:
http://www.openwall.com/lists/oss-security/2022/09/02/11
https://github.com/jeffssh/CVE-2021-30860
https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md
https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6
https://lists.fedoraproject
Weaknesses:
CWE-190: Integer Overflow or Wraparound
CVE-2021-46837
https://notcve.org/view.php?id=CVE-2021-46837
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
References:
https://downloads.asterisk.org/pub/security/AST-2021-006.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
https://www.debian.org/security/2022/dsa-5285
Weaknesses:
CWE-476: NULL Pointer Dereference