Page 25 of 123 results (0.023 seconds)

CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. La función asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa está identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a través de datos ASN.1 manipulados. • http://advisories.mageia.org/MGASA-2014-0247.html http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f http://linux.oracle.com/errata/ELSA-2014-0594.html http://linux.oracle.com/errata/ELSA-2014-0596.html http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://rhn.redhat.com/err • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Las funciones (1) asn1_read_value_type y (2) asn1_read_value en GNU Libtasn1 anterior a 3.6 permite a atacantes dependientes de contexto causar una denegación de servicio (referencia de puntero nulo y caída) a través de un valor nulo en un argumento ivalue. • http://advisories.mageia.org/MGASA-2014-0247.html http://linux.oracle.com/errata/ELSA-2014-0594.html http://linux.oracle.com/errata/ELSA-2014-0596.html http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2014-0594.html http://rhn.redhat.com/errata/RHSA-2014-0596.html http:/&#x • CWE-476: NULL Pointer Dereference •

CVSS: 4.3EPSS: 1%CPEs: 32EXPL: 1

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. La función gdImageCreateFromXpm en gdxpm.c en libgd, utilizado en PHP 5.4.26 y anteriores, permite a atacantes remotos causar una denegación de servicio (referencia a puntero cero y caída de aplicación) a través de una tabla de color manipulada en un archivo XPM. A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. • http://advisories.mageia.org/MGASA-2014-0288.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2014-1326.html http://rhn.redhat.com/errata/RHSA-2014-1327.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://se • CWE-476: NULL Pointer Dereference •