CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 1CVE-2018-20546
https://notcve.org/view.php?id=CVE-2018-20546
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. Hay un acceso de LECTURA ilegal en la memoria en caca/dither.c (función get_rgba_default) en libcaca 0.99.beta19 para el caso bpp por defecto. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html https://bugzilla.redhat.com/show_bug.cgi?id=1652622 https://github.com/cacalabs/libcaca/commit/1022d97496c7899e8641515af363381b31ae2f05 https://github.com/cacalabs/libcaca/issues/38 https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WFGYICNTMNDNMDDUV4G2RYFB5HNJCOV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 2CVE-2018-20545
https://notcve.org/view.php?id=CVE-2018-20545
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. Hay un acceso de ESCRITURA de memoria ilegal en common-image.c (en la función load_image) en los datos 4bpp de la versión 0.99.beta19 de libcaca. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html https://bugzilla.redhat.com/show_bug.cgi?id=1652621 https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592 https://github.com/cacalabs/libcaca/issues/37 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WFGYICNTMNDNMDDUV4G2RYFB5HNJCOV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PC7EGOEQ5C4OD66ZUJJIIYEXBTZOCMZX https://lists.fedoraproject.org/ar • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-20481 – poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc
https://notcve.org/view.php?id=CVE-2018-20481
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. XRef::getEntry en XRef.cc en Poppler 0.72.0 gestiona de manera incorrecta las entradas XRef no asignadas, lo que permite que los atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL) mediante un documento PDF manipulado, cuando se llama a XRefEntry::setFlag, en XRef.h, desde Parser::makeStream en Parser.cc. • http://www.securityfocus.com/bid/106321 https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/692 https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143 https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html https://usn.ubuntu.com/3865-1 https://access.redhat.com/security/cve/CVE-2018-20481 ht • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-20124
https://notcve.org/view.php?id=CVE-2018-20124
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. hw/rdma/rdma_backend.c en QEMU permite que los usuarios invitados del sistema operativo desencadenen un acceso fuera de límites mediante un elemento de anillo PvrdmaSqWqe con un valor num_sge grande. • http://www.openwall.com/lists/oss-security/2018/12/18/2 http://www.securityfocus.com/bid/106290 https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html https://usn.ubuntu.com/3923-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-20191
https://notcve.org/view.php?id=CVE-2018-20191
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). hw/rdma/vmw/pvrdma_main.c en QEMU no implementa una operación de lectura (como uar_read por analogía con uar_write), lo que permite que los atacantes provoquen una denegación de servicio (desreferencia de puntero NULL). • http://www.openwall.com/lists/oss-security/2018/12/18/1 http://www.securityfocus.com/bid/106276 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7 https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html https://usn.ubuntu.com/3923-1 • CWE-476: NULL Pointer Dereference •