CVE-2018-16435 – lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2018-16435
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. Little CMS (también conocido como Little Color Management System) 2.9 tiene un desbordamiento de enteros en la función AllocateDataSet en cmscgats.c que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función SetData mediante un archivo manipulado en el segundo argumento en cmsIT8LoadFromFile. • https://access.redhat.com/errata/RHSA-2018:3004 https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8 https://github.com/mm2/Little-CMS/issues/171 https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html https://security.gentoo.org/glsa/202105-18 https://usn.ubuntu.com/3770-1 https://usn.ubuntu.com/3770-2 https://www.debian.org/security/2018/dsa-4284 https://access.redhat.com/security/cve/CVE-2018-16435 https://bugzilla.redhat.com/sh • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2018-14622
https://notcve.org/view.php?id=CVE-2018-14622
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. Se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en libtirpc en versiones anteriores a la 0.3.3-rc3. El valor de retorno de makefd_xprt() no se comprobó en todas las instancias, lo que podría conducir a un cierre inesperado cuando el servidor agotó el número máximo de descriptores de archivo disponibles. • http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=1c77f7a869bdea2a34799d774460d1f9983d45f0 https://access.redhat.com/errata/RHBA-2017:1991 https://bugzilla.novell.com/show_bug.cgi?id=968175 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622 https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html https://usn.ubuntu.com/3759-1 https://usn.ubuntu.com/3759-2 • CWE-252: Unchecked Return Value •
CVE-2018-16062 – elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file
https://notcve.org/view.php?id=CVE-2018-16062
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. dwarf_getaranges en dwarf_getaranges.c en libdw en elfutils en versiones anteriores al 18/08/2018 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap) mediante un archivo manipulado. An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23541 https://sourceware.org/git/?p=elfutils.git%3Ba=commit%3Bh=29e31978ba51c1051743a503ee325b5ebc03d7e9 https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-16062 • CWE-125: Out-of-bounds Read •
CVE-2018-5740 – A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named
https://notcve.org/view.php?id=CVE-2018-5740
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. "deny-answer-aliases" es una característica poco utilizada que pretende ayudar a los operadores recursivos del servidor a proteger a los usuarios finales contra ataques de reenlace DNS, un método para poder eludir el modelo de seguridad empleado por los navegadores del cliente. Sin embargo, un defecto en esta característica hace que sea sencillo experimentar un fallo de aserción en name.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html http://www.securityfocus.com/bid/105055 http://www.securitytracker.com/id/1041436 https://access.redhat.com/errata/RHSA-2018:2570 https://access.redhat.com/errata/RHSA-2018:2571 https://kb.isc.org/docs/aa-01639 https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html https://lists.debian.org/debian-lts-announce/2021/11 • CWE-617: Reachable Assertion •
CVE-2018-15911 – ghostscript: Uninitialized memory access in the aesdecode operator (699665)
https://notcve.org/view.php?id=CVE-2018-15911
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. En Artifex Ghostscript 9.23 antes del 24/08/2018, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear un acceso a la memoria no inicializada en el operador aesdecode para provocar el cierre inesperado del intérprete o ejecutar código. It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8e9ce5016db968b40e4ec255a3005f2786cce45f http://www.securityfocus.com/bid/105122 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=699665 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K22141757?utm_source=f5support&%3Butm_medium= • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •