CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-7664 – elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h
https://notcve.org/view.php?id=CVE-2019-7664
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). En elfutils 0.175, se intenta realizar un memcpy de tamaño negativo en elf_cvt_note en libelf/note_xlate.h debido a una comprobación de desbordamiento incorrecta. Las entradas elf manipuladas provocan un fallo de segmentación, que conduce a una denegación de servicio (cierre inesperado del programa). • https://access.redhat.com/errata/RHSA-2019:2197 https://access.redhat.com/errata/RHSA-2019:3575 https://sourceware.org/bugzilla/show_bug.cgi?id=24084 https://access.redhat.com/security/cve/CVE-2019-7664 https://bugzilla.redhat.com/show_bug.cgi?id=1677536 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 2CVE-2019-7665 – elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c
https://notcve.org/view.php?id=CVE-2019-7665
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. En elfutils 0.175, existe una sobrelectura de búfer basada en memoria dinámica (heap) en la función elf32_xlatetom en elf32_xlatetom.c. Una entrada ELF manipulada puede provocar un fallo de segmentación que conduce a una denegación de servicio (cierre inesperado del programa) debido a que ebl_core_note no rechaza las notas de archivo core mal formadas. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://access.redhat.com/errata/RHSA-2019:3575 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=24089 https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html https://usn.ubuntu.com/4012-1 https://access.redhat.com&#x • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1CVE-2019-1000019 – libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2019-1000019
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. libarchive en versiones desde el commit con ID bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 y siguientes (desde la versión v3.0.2) contiene una vulnerabilidad CWE-125: lectura fuera de límites en la descompresión 7zip (header_bytes() en archive_read_support_format_7zip.c) que puede resultar en un cierre inesperado (denegación de servicio). El ataque parece ser explotable si una víctima abre un archivo 7zip especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://github.com/libarchive/libarchive/pull/1120 https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1 https://lists.debian.org/debian-lts-anno • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0CVE-2019-1000020 – libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service
https://notcve.org/view.php?id=CVE-2019-1000020
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. libarchive, en versiones desde el commit con ID 5a98dcf8a86364b3c2c469c85b93647dfb139961 (desde la versión v2.8.0) contiene una vulnerabilidad CWE-835: bucle con condición de salida inalcanzable (bucle infinito) en el analizador ISO9660, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() que puede resultar en una denegación de servicio (DoS) por bucle infinito. El ataque parece ser explotable si una víctima abre un archivo ISO9660 especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://github.com/libarchive/libarchive/pull/1120 https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423 https://lists.debian.org/debian-lts-anno • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1CVE-2019-7310 – poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc
https://notcve.org/view.php?id=CVE-2019-7310
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. En la versión 0.73.0 de Poppler, una sobrelectura de búfer (debido a un error en la propiedad signedness de un número entero en la función XRef::getEntry function en XRef.cc) basada en memoria dinámica (heap) permite a los atacantes remotos causar una denegación de servicio (cierre inesperado de la aplicación) o, potencialmente, otro impacto no especificado mediante un documento PDF manipulado, tal y como queda demostrado con pdftocairo. • http://www.securityfocus.com/bid/106829 https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797 https://gitlab.freedesktop.org/poppler/poppler/issues/717 https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •