CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-48554 – file: stack-based buffer over-read in file_copystr in funcs.c
https://notcve.org/view.php?id=CVE-2022-48554
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash. • http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/24 http://seclists.org/fulldisclosure/2024/Mar/25 https://bugs.astron.com/view.php?id=310 https://security.netapp.com/advisory/ntap-20231116-0002 https://support.apple.com/kb/HT214081 https://support.apple.com/kb/HT214084 https://support.apple.com/kb/HT214086 https://support.apple.com/kb/HT214088 https://www.debian.org/security/2023/dsa-5489 https://access.redhat.com/security&# • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-19189
https://notcve.org/view.php?id=CVE-2020-19189
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Vulnerabilidad de Buffer Overflow en la función "postprocess_terminfo" en tinfo/parse_entry.c:997 en ncurses v6.1 que permite a atacantes remotos causar una denegación de servicios a través de un comando manipulado. • http://seclists.org/fulldisclosure/2023/Dec/10 http://seclists.org/fulldisclosure/2023/Dec/11 http://seclists.org/fulldisclosure/2023/Dec/9 https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html https://security.netapp.com/advisory/ntap-20231006-0005 https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214037 https://support.apple.com/kb/HT214038 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37051
https://notcve.org/view.php?id=CVE-2022-37051
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. Se ha descubierto un problema en Poppler 22.07.0. Hay un aborto alcanzable que conduce a la denegación de servicio debido a que la función principal en pdfunite.cc carece de una comprobación de flujo antes de guardar un archivo incrustado. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276 https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-23804
https://notcve.org/view.php?id=CVE-2020-23804
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. La recursión incontrolada en pdfinfo y pdftops en poppler 0.89.0 permite a atacantes remotos provocar una denegación de servicio a través de una entrada manipulada. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/936 https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-37369 – qtbase: buffer overflow in QXmlStreamReader
https://notcve.org/view.php?id=CVE-2023-37369
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. A flaw was found in the qtbase package. When given specifically crafted data, the QXmlStreamReader can end up causing a buffer overflow and, subsequently, a crash. • https://bugreports.qt.io/browse/QTBUG-114829 https://codereview.qt-project.org/c/qt/qtbase/+/455027 https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU https://access.redhat.com/secu • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •