CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 2CVE-2019-9903 – poppler: stack consumption in function Dict::find() in Dict.cc
https://notcve.org/view.php?id=CVE-2019-9903
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. PDFDoc::markObject en PDFDoc.cc en Poppler 0.74.0 gestiona de manera incorrecta el marcado de diccionarios, que conduce al consumo de pila en la función Dict::find() en Dict.cc, que puede (por ejemplo) desencadenarse pasando un archivo pdf manipulado al binario pdfunite. • http://www.securityfocus.com/bid/107560 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/741 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6 https://lists.fedoraproject.org/archives/list/package-announce%4 • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 22%CPEs: 11EXPL: 3CVE-2019-9791 – Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
https://notcve.org/view.php?id=CVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. El sistema de inferencia de tipos permite la recopilación de funciones que pueden generar confusiones de tipo entre objetos arbitrarios cuando se compilan por medio del compilador IonMonkey just-in-time (JIT) y cuando se ingresa a la función constructor mediante el reemplazo en la pila (OSR). Esto permite una posible lectura y escritura arbitrarias de objetos durante un bloqueo explotable. • https://www.exploit-db.com/exploits/46613 https://github.com/Sp0pielar/CVE-2019-9791 https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1530958 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 https://access.redhat.com/security/cve/CVE-2019-9791 https://bugzilla.redhat. • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 17%CPEs: 11EXPL: 3CVE-2019-9792 – Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
https://notcve.org/view.php?id=CVE-2019-9792
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. El compilador IonMonkey just-in-time (JIT) puede filtrar un valor mágico interno JS_OPTIMIZED_OUT para la ejecución script durante un rescate. JavaScript puede utilizar este valor mágico para lograr daños en la memoria, lo que lleva a un fallo potencialmente explotable. • https://www.exploit-db.com/exploits/46939 http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1532599 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 https://access.redhat.com/security/ • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-9788 – Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
https://notcve.org/view.php?id=CVE-2019-9788
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Desarrolladores de Mozilla y miembros de la comunidad reportaron bugs en seguridad de memoria presentes en Firefox 65, Firefox ESR 60.5, y Thunderbird 60.5. Algunos de los bugs mostraron evidencias de corrupción de memoria y asumimos que con el suficiente esfuerzo esto podría ser explotado para ejecutar código arbitrario. • https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 https://access.redhat.com/security/cve/CVE-2019-9788 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2019-3856 – libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3856
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan las peticiones de comandos de teclado. Un atacante remoto que comprometa un servidor SSH podría ser capaz de ejecutar código en el sistema del cliente cuando un usuario se conecta al servidor. An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html https://access.redhat.com/errata/RHSA-2019:0679 https://access.redhat.com/errata/RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1652 https://access.redhat.com/errata/RHSA-2019:1791 https://access.redhat.com/errata/RHSA-2019:1943 https://access.redhat.com/errata/RHSA-2019:2399 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •