Page 85 of 422 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:619, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit b4e79bfa • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/39 http://seclists.org/fulldisclosure/2022/Oct/41 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a https://gitlab.com/libtiff/libtiff/-/issues/410 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3 https://lists.fedoraproject.o • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. ** EN DISPUTA ** Puede producirse un fallo de segmentación en el componente command-line sqlite3.exe de SQLite versión 3.36.0 por medio de la función idxGetTableInfo cuando hay una consulta SQL manipulada. NOTA: el proveedor disputa la relevancia de este informe porque un usuario de sqlite3.exe ya tiene privilegios completos (por ejemplo, se le permite intencionadamente ejecutar comandos). Este informe NO implica ningún problema en la biblioteca SQLite. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/39 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/47 http://seclists.org/fulldisclosure/2022/Oct/49 https://support.apple.com/kb/HT213446 https://support.apple.com/kb/HT213486 https://support.apple.com/kb/HT213487 https://support.apple.com/kb/HT213488 https://www.sqlite.org/forum/forumpost/718c0a8d17 •