Page 51 of 2048 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1

CVE-2019-1000019 – libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service

https://notcve.org/view.php?id=CVE-2019-1000019

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. libarchive en versiones desde el commit con ID bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 y siguientes (desde la versión v3.0.2) contiene una vulnerabilidad CWE-125: lectura fuera de límites en la descompresión 7zip (header_bytes() en archive_read_support_format_7zip.c) que puede resultar en un cierre inesperado (denegación de servicio). El ataque parece ser explotable si una víctima abre un archivo 7zip especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://github.com/libarchive/libarchive/pull/1120 https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1 https://lists.debian.org/debian-lts-anno • CWE-125: Out-of-bounds Read •

CVSS: 5.3EPSS: 0%CPEs: 57EXPL: 1

CVE-2019-7317 – libpng: use-after-free in png_image_free in png.c

https://notcve.org/view.php?id=CVE-2019-7317

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. La función png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la función png_image_free_function es llamada bajo png_safe_execute. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html http://www.securityfocus.com/bid/108098 https:/ • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1

CVE-2019-7310 – poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc

https://notcve.org/view.php?id=CVE-2019-7310

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. En la versión 0.73.0 de Poppler, una sobrelectura de búfer (debido a un error en la propiedad signedness de un número entero en la función XRef::getEntry function en XRef.cc) basada en memoria dinámica (heap) permite a los atacantes remotos causar una denegación de servicio (cierre inesperado de la aplicación) o, potencialmente, otro impacto no especificado mediante un documento PDF manipulado, tal y como queda demostrado con pdftocairo. • http://www.securityfocus.com/bid/106829 https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797 https://gitlab.freedesktop.org/poppler/poppler/issues/717 https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •

CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0

CVE-2018-18506 – Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied

https://notcve.org/view.php?id=CVE-2018-18506

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. Cuando la autodetección del proxy está habilitada, si un servidor web proporciona un archivo de autoconfiguración de proxy (PAC) o si dicho archivo se carga localmente, este último puede especificar peticiones al host local que están destinadas a enviarse a través del proxy hacia otro servidor. Este comportamiento está prohibido por defecto cuando un proxy se configura manualmente. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106773 https://access.redhat.com/errata/RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0680 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 28%CPEs: 18EXPL: 1

CVE-2018-18500 – Mozilla: Use-after-free parsing HTML5 stream

https://notcve.org/view.php?id=CVE-2018-18500

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Una vulnerabilidad de memoria previamente liberada puede ocurrir a la hora de analizar una transmisión HTML5 junto con elementos HTML personalizados. Esto resulta en la liberación del objeto de análisis de transmisión mientras está en uso, conduciendo potencialmente a un cierre inesperado explotable. • https://github.com/sophoslabs/CVE-2018-18500 http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html http://www.securityfocus.com/bid/106781 https://access.redhat.com/errata/RHSA-2019:0218 https://access.redhat.com/errata/RHSA-2019:0219 https://access.redhat.com/errata/RHSA-2019:0269 https://access.redhat.com/errata/RHSA-2019:0270 https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html https://lists.debian.org/debian-lts-announce/2019/02/msg00024 • CWE-416: Use After Free •