CVE-2017-18267 – poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service
https://notcve.org/view.php?id=CVE-2017-18267
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. La función FoFiType1C::cvtGlyph en fofi/FoFiType1C.cc en Poppler 0.64.0 permite que atacantes remotos provoquen una denegación de servicio (recursión infinita) mediante un archivo PDF manipulado, tal y como demuestra pdftops. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugzilla.freedesktop.org/show_bug.cgi?id=103238 https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html https://usn.ubuntu.com/3647-1 https://access.redhat.com/security/cve/CVE-2017-18267 https://bugzilla.redhat.com/show_bug.cgi?id=1578777 • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-1130 – kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
https://notcve.org/view.php?id=CVE-2018-1130
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. El kernel de Linux en versiones anteriores a la 4.16-rc7 es vulnerable a una desreferencia de puntero NULL en la función dccp_write_xmit() en net/dccp/output.c en la que un usuario local puede provocar una denegación de servicio mediante un número de llamadas del sistema manipuladas. A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls. • https://access.redhat.com/errata/RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2 https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian& • CWE-476: NULL Pointer Dereference •
CVE-2018-1089 – 389-ds-base: ns-slapd crash via large filter value in ldapsearch
https://notcve.org/view.php?id=CVE-2018-1089
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. 389-ds-base en versiones anteriores a la 1.4.0.9, 1.3.8.1 y 1.3.6.15 no gestionó correctamente los filtros de búsqueda largos con caracteres que necesitan escapado. Esto podría conducir a desbordamientos de búfer. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. • http://www.securityfocus.com/bid/104137 https://access.redhat.com/errata/RHSA-2018:1364 https://access.redhat.com/errata/RHSA-2018:1380 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://access.redhat.com/security/cve/CVE-2018-1089 https://bugzilla.redhat.com/show_bug.cgi?id=1559802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2018-1087 – Kernel: KVM: error in exception handling leads to wrong debug stack value
https://notcve.org/view.php?id=CVE-2018-1087
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. kernel KVM en versiones anteriores al kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 y kernel 4.17-rc3 es vulnerable a un error en la forma en la que el hipervisor KVM del kernel de Linux gestiona las excepciones lanzadas tras una operación de cambio de pila mediante instrucciones Mov SS o Pop SS. Durante la operación de cambio de pila, el procesador no lanzó interrupciones y excepciones, sino que las lanza una vez se ha ejecutado la primera instrucción tras el cambio de pila. Un usuario invitado sin privilegios de KVM podría usar este error para provocar el cierre inesperado del guest o escalar sus privilegios en el guest. • http://www.openwall.com/lists/oss-security/2018/05/08/5 http://www.securityfocus.com/bid/104127 http://www.securitytracker.com/id/1040862 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1345 https://access.redhat.com/errata/RHSA-2018:1347 https://access.redhat.com/errata/RHSA-2018:1348 https://access.redhat.com/errata/RHSA-2018:1355 https://access.redhat.com/errata/RHSA-2018:1524 https://access.redhat.com/security/vulnerabili • CWE-250: Execution with Unnecessary Privileges •
CVE-2018-10767 – libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c
https://notcve.org/view.php?id=CVE-2018-10767
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack. Hay una sobrelectura de búfer basada en pila en la llamada a GLib en la función gxps_images_guess_content_type de gxps-images.c en libgxps hasta la versión 0.3.0 debido a que no rechaza los valores de retorno de una llamada g_input_stream_read. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugzilla.redhat.com/show_bug.cgi?id=1575188 https://access.redhat.com/security/cve/CVE-2018-10767 https://bugzilla.redhat.com/show_bug.cgi?id=1576175 • CWE-121: Stack-based Buffer Overflow CWE-125: Out-of-bounds Read •