CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2016-8692 – jasper: missing SIZ marker segment XRsiz and YRsiz fields range check
https://notcve.org/view.php?id=CVE-2016-8692
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. La función jpc_dec_process_siz en libjasper/jpc/jpc_dec.c en JasPer en versiones anteriores a 1.900.4 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y bloqueo de la aplicación) a través de un valor YRsiz manipulado en una imagen BMP al comando imginfo. • http://www.debian.org/security/2017/dsa-3785 http://www.openwall.com/lists/oss-security/2016/08/23/6 http://www.openwall.com/lists/oss-security/2016/10/16/14 http://www.securityfocus.com/bid/93588 https://access.redhat.com/errata/RHSA-2017:1208 https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c https://bugzilla.redhat.com/show_bug.cgi?id=1385502 https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2016-8691 – jasper: missing SIZ marker segment XRsiz and YRsiz fields range check
https://notcve.org/view.php?id=CVE-2016-8691
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. La función jpc_dec_process_siz en libjasper/jpc/jpc_dec.c en JasPer en versiones anteriores a 1.900.4 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y bloqueo de la aplicación) a través de un valor XRsiz manipulado en una imagen BMP al comando imginfo. • http://www.debian.org/security/2017/dsa-3785 http://www.openwall.com/lists/oss-security/2016/08/23/6 http://www.openwall.com/lists/oss-security/2016/10/16/14 http://www.securityfocus.com/bid/93593 https://access.redhat.com/errata/RHSA-2017:1208 https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c https://bugzilla.redhat.com/show_bug.cgi?id=1385502 https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6866
https://notcve.org/view.php?id=CVE-2016-6866
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. slock permite a atacantes eludir el bloqueo de pantalla a través de vectores que involucran un hash de contraseña inválido, lo que desencadena una referencia a puntero NULL y caída. • http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29 http://s1m0n.dft-labs.eu/files/slock/slock.txt http://www.openwall.com/lists/oss-security/2016/08/18/22 http://www.openwall.com/lists/oss-security/2016/08/18/24 http://www.securityfocus.com/bid/92546 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZPEJQN • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 1CVE-2013-7459
https://notcve.org/view.php?id=CVE-2013-7459
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. Desbordamiento de búfer basado en memoria dinámica en la función ALGnew en block_templace.c en Python Cryptography Toolkit (también conocido como pycrypto) permite a atacantes remotos ejecutar código arbitrario como se demuestra por un parámetro iv manipulado para cryptmsg.py. • http://www.openwall.com/lists/oss-security/2016/12/27/8 http://www.securityfocus.com/bid/95122 https://bugzilla.redhat.com/show_bug.cgi?id=1409754 https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 https://github.com/dlitz/pycrypto/issues/176 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-8568
https://notcve.org/view.php?id=CVE-2016-8568
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. La función git_commit_message en oid.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un comando cat-file con un archivo de objeto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html http://www.openwall.com/lists/oss-security/2016/10/08/7 http://www.securityfocus.com/bid/93466 https://bugzilla.redhat.com/show_bug.cgi?id=1383211 https://github.com/libgit2/libgit2/issues/3936 https://github.com/libgit2 • CWE-125: Out-of-bounds Read •