CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5057
https://notcve.org/view.php?id=CVE-2019-5057
An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad de renderización de imágenes PCX de SDL2_image versión 2.0.4. Una imagen PCX especialmente diseñada puede causar un desbordamiento de la pila, resultando en la ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2019-5459
https://notcve.org/view.php?id=CVE-2019-5459
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Un desbordamiento de enteros de VLC Media Player versiones anteriores a 3.0.7, conlleva a una lectura fuera de banda. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html https://hackerone.com/reports/502816 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-14274
https://notcve.org/view.php?id=CVE-2019-14274
MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. MCPP versión 2.7.2, presenta un desbordamiento de búfer en la región heap de la memoria en la función do_msg() en el archivo support.c. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00038.html https://security.gentoo.org/glsa/202208-04 https://sourceforge.net/p/mcpp/bugs/13 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1CVE-2019-13962
https://notcve.org/view.php?id=CVE-2019-13962
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. lavc_CopyPicture en modules / codec / avcodec / video.c en el reproductor de medios VideoLAN VLC a través de 3.0.7 tiene una lectura en exceso del búfer basado en el montón porque no valida correctamente el ancho y la altura. • http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html http://lists.opensuse.org/opensuse-sec • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 1CVE-2019-13616 – SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c
https://notcve.org/view.php?id=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. hasta 2.0.9, presenta una lectura excesiva del búfer en la región heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html https://access.redhat.com/errata/RHSA-2019:3950 https:/ • CWE-125: Out-of-bounds Read •