CVSS: 8.8EPSS: 6%CPEs: 9EXPL: 1CVE-2020-6422 – chromium-browser: Use after free in WebGL
https://notcve.org/view.php?id=CVE-2020-6422
20 Mar 2020 — Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebGL en Google Chrome versiones anteriores a 80.0.3987.149, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute ar... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 2CVE-2020-6449 – chromium-browser: Use after free in audio
https://notcve.org/view.php?id=CVE-2020-6449
20 Mar 2020 — Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en audio en Google Chrome versiones anteriores a 80.0.3987.149, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute ar... • https://packetstorm.news/files/id/172843 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 10%CPEs: 25EXPL: 5CVE-2019-11038 – Uninitialized read in gdImageCreateFromXbm
https://notcve.org/view.php?id=CVE-2019-11038
18 Jun 2019 — When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. Cuando se usa la función gdImageCreateFromXbm () en la Biblioteca de gráficos GD (también conocida como LibGD) 2.... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0CVE-2017-16232 – LibTIFF 4.0.8 Memory Leak
https://notcve.org/view.php?id=CVE-2017-16232
21 Dec 2018 — LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue ** EN DISPUTA ** LibTIFF 4.0.8 tiene múltiples vulnerabilidades de fuga de memoria, lo que permite que los atacantes provoquen una denegación de servicio (consumo de memoria), tal y como queda demostrado con tif_open.c, tif_lzw.c y tif_aux.c. NOTA: los terceros eran inca... • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2018-19655
https://notcve.org/view.php?id=CVE-2018-19655
29 Nov 2018 — A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. Un desbordamiento de búfer basado en pila en la función find_green() de dcraw hasta la versión 9.28, tal y como se emplea en ufraw-batch y muchos otros productos, podría permitir que un atacante remoto provoque el secuestro de un flu... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 1CVE-2018-19539
https://notcve.org/view.php?id=CVE-2018-19539
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una violación de acceso en la función jas_image_readcmpt en libjasper/base/jas_image.c, provocando una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-617: Reachable Assertion •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2018-19540
https://notcve.org/view.php?id=CVE-2018-19540
26 Nov 2018 — An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-19541
https://notcve.org/view.php?id=CVE-2018-19541
26 Nov 2018 — An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 1CVE-2018-19542 – Ubuntu Security Notice USN-4688-1
https://notcve.org/view.php?id=CVE-2018-19542
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una desreferencia de puntero NULL en la función jp2_decode en libjasper/jp2/jp2_dec.c, provocando una denegación de servicio (DoS). It was discovered that Jasper incorrectly certain files. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-19543
https://notcve.org/view.php?id=CVE-2018-19543
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. Se ha descubierto un problema en JasPer 2.0.14. Existe un desbordamiento de búfer basado en memoria dinámica (heap) del tamaño 8 en la función jp2_decode in libjasper/jp2/jp2_dec.c. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-125: Out-of-bounds Read •