CVE-2019-13012 – glib2: insecure permissions for files and directories
https://notcve.org/view.php?id=CVE-2019-13012
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. La back-end de configuración de keyfile en GLib (también se conoce como glib2.0) anterior a versión 2.60.0 de GNOME, crea directorios usando g_file_make_directory_with_parents (kfsb-)dir, NULL, NULL) y archivos utilizando g_file_replace_contents (kfsb-)file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12 https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429 https://gitlab.gnome.org/GNOME/glib/issues/1658 https://gitlab.gnome.org/GNOME/glib/merge_requests/450 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a45089365 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2013-1978 – gimp: XWD plugin color map heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-1978
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. Desbordamiento de búfer en la función read_xwd_cols en file-xwd.c en el plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un volcado de imagen X Window System (XWD) con más colores que las entradas del mapa de color. • http://rhn.redhat.com/errata/RHSA-2013-1778.html http://www.debian.org/security/2013/dsa-2813 http://www.securityfocus.com/bid/64098 http://www.ubuntu.com/usn/USN-2051-1 https://bugzilla.redhat.com/show_bug.cgi?id=953902 https://security.gentoo.org/glsa/201603-01 https://access.redhat.com/security/cve/CVE-2013-1978 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2013-1913 – gimp: xwd plugin g_new() integer overflow
https://notcve.org/view.php?id=CVE-2013-1913
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. Desbordamiento de enteros en la función load_image en file-xwd.c del plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones, cuando se usa en glib anterior a la versión 2.24, permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de valores de grandes entradas de color en un volcado de imagen X Window System (XWD). • http://rhn.redhat.com/errata/RHSA-2013-1778.html http://www.debian.org/security/2013/dsa-2813 http://www.securityfocus.com/bid/64105 http://www.ubuntu.com/usn/USN-2051-1 https://bugzilla.redhat.com/show_bug.cgi?id=947868 https://security.gentoo.org/glsa/201603-01 https://access.redhat.com/security/cve/CVE-2013-1913 • CWE-190: Integer Overflow or Wraparound •
CVE-2012-0039
https://notcve.org/view.php?id=CVE-2012-0039
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. ** DISPUTADA ** GLib 2.31.8 y anteriores, cuando la función g_str_hash está utilizada, calcula los valores hash sin restringir la capacidad de provocar colisiones previsibles, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (consumo de CPU) a través de entradas manipuladas en una aplicación que mantiene una tabla hash. NOTA: este problema lo puede disputar el proveedor, la existencia de la función g_str_hash no se tarta de una vulnerabilidad en la librería, porque llamadores de g_hash_table_new y g_hash_table_new_full pueden especificar una función hash arbitraria que sea apropiada para la aplicación. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044 http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html http://openwall.com/lists/oss-security/2012/01/10/12 https://bugzilla.redhat.com/show_bug.cgi?id=772720 • CWE-310: Cryptographic Issues •
CVE-2008-4316 – glib2: integer overflows in the base64 handling functions (oCERT-2008-015)
https://notcve.org/view.php?id=CVE-2008-4316
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. Múltiples desbordamientos en glib/gbase64.c en GLib antes de la versión 2.20 permiten ejecutar, a atacantes dependientes del contexto, código arbitrario a través de una cadena demasiado larga que es convertida o bien (1) en o bien (2) desde una representación base64. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff http://openwall.com/lists/oss-security/2009/03/12/2 http://secunia.com/advisories/34267 http://secunia.com/advisories/34317 http://secunia.com/advisories/34404 http://secunia.com/advisories/34416 http://secunia.com/advisories/34560 http://secunia.com/advisories/34854 http:/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •