CVE-2015-8863 – jq: heap-buffer-overflow in tokenadd() function
https://notcve.org/view.php?id=CVE-2015-8863
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.

• http://lists.opensuse.org/opensuse-updates/2016-05/msg00012.html
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00014.html
• http://rhn.redhat.com/errata/RHSA-2016-1098.html
• http://rhn.redhat.com/errata/RHSA-2016-1099.html
• http://rhn.redhat.com/errata/RHSA-2016-1106.html
• http://www.openwall.com/lists/oss-security/2016/04/23/1
• http://www.openwall.com/lists/oss-security/2016/04/23/2
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231
• https://github.

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow

CVE-2016-3977
https://notcve.org/view.php?id=CVE-2016-3977
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.

• http://bugs.fi/fuzzing/index.html
• http://lists.opensuse.org/opensuse-updates/2016-04/msg00079.html
• http://lists.opensuse.org/opensuse-updates/2016-04/msg00084.html
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00019.html
• http://www.securityfocus.com/bid/88103
• https://bugzilla.redhat.com/show_bug.cgi?id=1325771
• https://sourceforge.net/p/giflib/bugs/87
• https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88
• https://usn.ubuntu.com/4107-1

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-3982
https://notcve.org/view.php?id=CVE-2016-3982
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

• http://bugs.fi/media/afl/optipng/2
• http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html
• http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html
• http://www.debian.org/security/2016/dsa-3546
• http://www.ubuntu.com/usn/USN-2951-1
• https://security.gentoo.org/glsa/201608-01
• https://sourceforge.net/p/optipng/bugs/57

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-2347
https://notcve.org/view.php?id=CVE-2016-2347
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

• http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html
• http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html
• http://www.debian.org/security/2016/dsa-3540
• http://www.talosintelligence.com/reports/TALOS-2016-0095
• https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564
• https://github.com/fragglet/lhasa/releases/tag/v0.3.1

• CWE-190: Integer Overflow or Wraparound

CVE-2015-8803 – nettle: secp256 calculation bug
https://notcve.org/view.php?id=CVE-2015-8803
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.

• http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176807.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177229.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177473.html
• http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html
• http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html
• http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html
• http://rhn.redhat.com/errata/RHSA-2016-2582.html
• http://ww

• CWE-254: 7PK - Security Features
• CWE-310: Cryptographic Issues
• CWE-358: Improperly Implemented Security Check for Standard