Page 80 of 1100 results (0.015 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-28048

https://notcve.org/view.php?id=CVE-2022-28048

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. Se ha detectado que STB versión v2.27, contiene un desplazamiento de enteros de tamaño no válido en el componente stbi__jpeg_decode_block_prog_ac • https://github.com/nothings/stb/issues/1293 https://github.com/nothings/stb/pull/1297 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R • CWE-682: Incorrect Calculation •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-28042

https://notcve.org/view.php?id=CVE-2022-28042

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Se ha detectado que stb_image.h versión v2.27, contenía un uso de memoria previamente liberada en la región heap de la memoria por medio de la función stbi__jpeg_huff_decode • https://github.com/nothings/stb/issues/1289 https://github.com/nothings/stb/pull/1297 https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-28041

https://notcve.org/view.php?id=CVE-2022-28041

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Se ha detectado que stb_image.h versión v2.27, contiene un desbordamiento de enteros por medio de la función stbi__jpeg_decode_block_prog_dc. Esta vulnerabilidad permite a atacantes causar una Denegación de Servicio (DoS) por medio de vectores no especificados • https://github.com/nothings/stb/issues/1292 https://github.com/nothings/stb/pull/1297 https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G6JJJQ5JABTPF5H2L5FQGLILYLIGPW6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52ZIQAFEG7A6TO526OJ7OA4GSEZQ2WEG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN https: • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-1304 – e2fsprogs: out-of-bounds read/write via crafted filesystem

https://notcve.org/view.php?id=CVE-2022-1304

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. Se ha encontrado una vulnerabilidad de lectura/escritura fuera de límites en e2fsprogs versión 1.46.5. Este problema conlleva a un fallo de segmentación y posiblemente una ejecución de código arbitrario por medio de un sistema de archivos especialmente diseñado An out-of-bounds read/write vulnerability was found in e2fsprogs. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. • https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://access.redhat.com/security/cve/CVE-2022-1304 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-24828 – Missing input validation can lead to command execution in composer

https://notcve.org/view.php?id=CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. • https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709 https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/625MT3IKWKFVIWLSYZFSXHVUA2LES7YQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWT6LDSRY7SFMTDZWJ4MS2ZBXHL7VQEF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QD7JQWL6C4GVROO25DTXWYWM6BPOPPCG https://www.tenable.com& • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •