Page 31 of 1154 results (0.023 seconds)

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2018-20650 – poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc

https://notcve.org/view.php?id=CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. Una aserción alcanzable en Object::dictLookup en Poppler 0.72.0 permite a los atacantes provocar una denegación de servicio (DoS) debido a la falta de comprobación del tipo de datos del directorio, tal y como queda demostrado con el uso de la clase FileSpec (en FileSpec.cc) en pdfdetach. • http://www.securityfocus.com/bid/106459 https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7 https://gitlab.freedesktop.org/poppler/poppler/issues/704 https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https:/ • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2018-1000876 – binutils: integer overflow leads to heap-based buffer overflow in objdump

https://notcve.org/view.php?id=CVE-2018-1000876

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. binutils, en versiones 2.32 y anteriores, contiene una vulnerabilidad de desbordamiento de enteros en objdump, bfd_get_dynamic_reloc_upper_bound y bfd_canonicalize_dynamic_reloc que puede resultar en un desbordamiento de enteros que desencadena un desbordamiento de memoria dinámica (heap). Si se explota con éxito, podría conducir a la ejecución de código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/106304 https://access.redhat.com/errata/RHSA-2019:2075 https://sourceware.org/bugzilla/show_bug.cgi?id=23994 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f https://usn.ubuntu.com/4336-1 https://access.redhat.com/security/cve/CVE-2018-1000876 https://bugzilla. • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2018-1000877 – libarchive: Double free in RAR decoder resulting in a denial of service

https://notcve.org/view.php?id=CVE-2018-1000877

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) contiene una vulnerabilidad CWE-415: doble liberación (double free) en el descodificador RAR; libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) con new_size = 0, lo que puede resultar en un cierre inesperado/denegación de servicio (DoS). El ataque parece ser explotable si una víctima abre un archivo RAR especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html http://www.securityfocus.com/bid/106324 https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://github.com/libarchive/libarchive/pull/1105 https://gith • CWE-415: Double Free CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0

CVE-2018-1000878 – libarchive: Use after free in RAR decoder resulting in a denial of service

https://notcve.org/view.php?id=CVE-2018-1000878

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) contiene una vulnerabilidad CWE-416: uso de memoria previamente liberada en el descodificador RAR (libarchive/archive_read_support_format_rar.c) que puede resultar en un cierre inesperado/denegación de servicio. Se desconoce si se puede ejecutar código de forma remota. El ataque parece ser explotable si una víctima abre un archivo RAR especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html http://www.securityfocus.com/bid/106324 https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://github.com/libarchive/libarchive/pull/1105 https://gith • CWE-416: Use After Free •

CVSS: 9.8EPSS: 61%CPEs: 13EXPL: 0

CVE-2018-15127 – libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution

https://notcve.org/view.php?id=CVE-2018-15127

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution LibVNC antes del commit con ID 502821828ed00b4a2c4bef90683d0fd88ce495de contiene una vulnerabilidad de escritura de memoria dinámica (heap) fuera de límites en el código del servidor de la extensión de transferencia de archivos que puede resultar en la ejecución remota de código. • https://access.redhat.com/errata/RHSA-2019:0059 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://usn.ubuntu.com/3877-1 https://usn.ubuntu.com/4547-1 https://usn.ubuntu.com/4587-1 https://www.debian.org/security/2019/dsa-4383 https://access.redhat.com/securit • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •