CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 1CVE-2019-13616 – SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c
https://notcve.org/view.php?id=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. hasta 2.0.9, presenta una lectura excesiva del búfer en la región heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html https://access.redhat.com/errata/RHSA-2019:3950 https:/ • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 2CVE-2019-1010006
https://notcve.org/view.php?id=CVE-2019-1010006
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. • http://bugzilla.maptools.org/show_bug.cgi?id=2745 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html https://bugzilla.gnome.org/show_bug.cgi?id=788980 https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html https://seclists.org/bugtraq/2020/Feb/18 https://usn.ubuntu.com/4067-1 https://www.debian.org/security/2020/dsa-4624 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-13602
https://notcve.org/view.php?id=CVE-2019-13602
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. Un desbordamiento inferior de enteros en MP4_EIA608_Convert() en modules/demux/mp4/mp4.c en VideoLAN VLC media player hasta la versión 3.0.7.1 permitiría un atacante remoto causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica y caída) o posiblemente tener otro impacto no especificado mediante un archivo .mp4 especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html http://www.securityfocus.com/bid/109158 https://git.vi • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-11724
https://notcve.org/view.php?id=CVE-2019-11724
Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. Los permisos de la aplicación otorgan un permiso de solución de problemas remoto adicional al sitio input.mozilla.org, que ha sido retirado y ahora redirecciona a otro sitio. Este permiso adicional es innecesario y es un vector potencial para ataques maliciosos. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://bugzilla.mozilla.org/show_bug.cgi?id=1512511 https://security.gentoo.org/glsa/201908-12 https://www.mozilla.org/security/advisories/mfsa2019-21 • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11720
https://notcve.org/view.php?id=CVE-2019-11720
Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68. Algunos caracteres unicode son tratados incorrectamente como espacios en blanco durante el análisis de contenido web en lugar de desencadenar errores de análisis. Esto permite que sea procesado el código malicioso, evadiendo el filtrado de cross-site scripting (XSS). • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://bugzilla.mozilla.org/show_bug.cgi?id=1556230 https://security.gentoo.org/glsa/201908-12 https://www.mozilla.org/security/advisories/mfsa2019-21 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •