CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20298
https://notcve.org/view.php?id=CVE-2021-20298
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en B44Compressor de OpenEXR. Este fallo permite a un atacante que puede enviar un archivo diseñado para ser procesado por OpenEXR, agotar toda la memoria accesible a la aplicación. • https://access.redhat.com/security/cve/CVE-2021-20298 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913 https://bugzilla.redhat.com/show_bug.cgi?id=1939156 https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97 https://github.com/AcademySoftwareFoundation/openexr/pull/843 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35511
https://notcve.org/view.php?id=CVE-2020-35511
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file. Se ha detectado un desbordamiento de búfer global en la función pngcheck en pngcheck versión 2.4.0 (5 parches aplicados) por medio de un archivo png diseñado. • http://www.libpng.org/pub/png/apps/pngcheck.html https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html https://www.debian.org/security/2022/dsa-5300 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2946 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-2946
Use After Free in GitHub repository vim/vim prior to 9.0.0246. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0.0246. • https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD https://security.gentoo.org/glsa/202305-16 • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 24EXPL: 0CVE-2022-2873 – kernel: an out-of-bounds vulnerability in i2c-ismt driver
https://notcve.org/view.php?id=CVE-2022-2873
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. Se ha encontrado un fallo de acceso a memoria fuera de límites en el controlador de host iSMT SMBus del kernel de Linux, en la forma en que un usuario desencadena I2C_SMBUS_BLOCK_DATA (con el ioctl I2C_SMBUS) con datos de entrada maliciosos. Este fallo permite a un usuario local bloquear el sistema. • https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97%40gmail.com/T https://security.netapp.com/advisory/ntap-20230120-0001 https://www.debian.org/security/2023/dsa-5324 https://access.redhat.com/security/cve/CVE-2022-2873 https://bugzilla.redhat.com/show_bug.cgi?id=2119048 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-27792 – Ghostscript: heap buffer over write vulnerability in ghostscript's lp8000_print_page() in gdevlp8k.c
https://notcve.org/view.php?id=CVE-2020-27792
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. Se encontró una vulnerabilidad de escritura excesiva en el búfer en la región heap de la memoria en la función lp8000_print_page() de GhostScript en el archivo gdevlp8k.c. Un atacante podría engañar a un usuario para que abriera un archivo PDF diseñado, desencadenando el desbordamiento del búfer de la pila que podría conllevar la corrupción de la memoria o una denegación de servicio. • https://access.redhat.com/security/cve/CVE-2020-27792 https://bugs.ghostscript.com/show_bug.cgi?id=701844 https://bugzilla.redhat.com/show_bug.cgi?id=2247179 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7 https://lists.debian.org/debian-lts-announce/2022/09/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •