CVE-2024-24258 – freeglut: memory leak via glutAddSubMenu() function
https://notcve.org/view.php?id=CVE-2024-24258
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. Se descubrió que mupdf v1.23.9 contenía una pérdida de memoria a través de la variable menuEntry en la función glutAddSubMenu. A memory leak flaw was found in the glutAddSubMenu function of freeglut, an open-source alternative to the OpenGL Utility Toolkit. This flaw allows an attacker to launch a denial of service attack by crashing or hanging the program or taking advantage of other unexpected program behavior resulting from a low memory condition. • https://github.com/freeglut/freeglut/pull/155 https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5 https://access.redhat.com/security/cve/CVE-2024-24258 https://bugzilla.redhat.com/show_bug.cgi?id=2263939 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2024-24259 – freeglut: memory leak via glutAddMenuEntry() function
https://notcve.org/view.php?id=CVE-2024-24259
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. Se descubrió que mupdf v1.23.9 contenía una pérdida de memoria a través de la variable menuEntry en la función glutAddMenuEntry. A memory leak flaw was found in the glutAddMenuEntry function of freeglut, an open-source alternative to the OpenGL Utility Toolkit. This issue may allow an attacker to launch a denial of service attack by crashing or hanging the program or take advantage of other unexpected program behavior resulting from a low memory condition. • https://github.com/freeglut/freeglut/pull/155 https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5 https://access.redhat.com/security/cve/CVE-2024-24259 https://bugzilla.redhat.com/show_bug.cgi?id=2263943 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2020-36773
https://notcve.org/view.php?id=CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). Artifex Ghostscript anterior a 9.53.0 tiene una escritura y un use-after-free fuera de los límites en devices/vector/gdevtxtw.c (para txtwrite) porque un código de un solo carácter en un documento PDF se puede asignar a más de un punto de código Unicode. (por ejemplo, para una ligadura). • https://bugs.ghostscript.com/show_bug.cgi?id=702229 https://bugzilla.opensuse.org/show_bug.cgi?id=1177922 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874 https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2023-51103
https://notcve.org/view.php?id=CVE-2023-51103
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c. Se descubrió una vulnerabilidad de excepción de punto flotante (división por cero) en mupdf 1.23.4 en la función fz_new_pixmap_from_float_data() de pixmap.c. • http://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=f1b5f87edd2675d5c79301e4ef2e1139f67f904b https://bugs.ghostscript.com/show_bug.cgi?id=707620 https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md • CWE-369: Divide By Zero •
CVE-2023-51106
https://notcve.org/view.php?id=CVE-2023-51106
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero. Se descubrió una vulnerabilidad de excepción de punto flotante (división por cero) en mupdf 1.23.4 en la función pnm_binary_read_image() de load-pnm.c. • https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md • CWE-369: Divide By Zero •