CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29573 – glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern
https://notcve.org/view.php?id=CVE-2020-29573
05 Dec 2020 — sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In ot... • https://security.gentoo.org/glsa/202101-20 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 2CVE-2020-27777 – kernel: powerpc: RTAS calls can be used to compromise kernel integrity
https://notcve.org/view.php?id=CVE-2020-27777
05 Dec 2020 — A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. Se encontró un fallo en la manera en que RTAS manejaba los accesos a la memoria en el espacio de usuario para la comunicación del kernel. En un sistema invitado bloqueado (generalm... • https://bugzilla.redhat.com/show_bug.cgi?id=1900844 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27765 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27765
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/segment.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1894684 • CWE-369: Divide By Zero •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27767 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27767
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/quantum.h. • https://bugzilla.redhat.com/show_bug.cgi?id=1894687 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27771 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27771
04 Dec 2020 — In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impa... • https://bugzilla.redhat.com/show_bug.cgi?id=1898290 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27772 – Ubuntu Security Notice USN-7068-1
https://notcve.org/view.php?id=CVE-2020-27772
04 Dec 2020 — A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo coders/bmp.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1898291 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27773 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27773
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore... • https://bugzilla.redhat.com/show_bug.cgi?id=1898295 • CWE-369: Divide By Zero •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27774 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27774
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/statistic.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1898296 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27775 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27775
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/quantum.h. • https://bugzilla.redhat.com/show_bug.cgi?id=1898300 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2020-27776 – Ubuntu Security Notice USN-7068-1
https://notcve.org/view.php?id=CVE-2020-27776
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/statistic.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1898304 • CWE-190: Integer Overflow or Wraparound •