Package Search Help

You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.

Search by package name:
my-package (implicit)
name:my-package (explicit)

Search by package filename:
my-package.ext (implicit)
filename:my-package.ext (explicit)

Search by package tag:
latest (implicit)
tag:latest (explicit)

Search by package version:
1.0.0 (implicit)
version:1.0.0 (explicit)
prerelease:true (prereleases)
prerelease:false (no prereleases)

Search by package architecture:
architecture:x86_64 

Search by package distribution:
distribution:el 

Search by package license:
license:MIT 

Search by package format:
format:deb 

Search by package status:
status:in_progress 

Search by package file checksum:
checksum:5afba 

Search by package security status:
severity:critical 

Search by package vulnerabilities:
vulnerabilities:>1 
vulnerabilities:<1000 

Search by # of package downloads:
downloads:>8 
downloads:<100 

Search by package type:
type:binary 
type:source 

Search by package size (bytes):
size:>50000 
size:<10000 

Search by dependency name/version:
dependency:log4j 
dependency:log4j=1.0.0 
dependency:log4j>1.0.0 

Search by uploaded date:
uploaded:>"1 day ago" 
uploaded:<"August 14, 2022 EST" 

Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY 

Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true

Search by repository:
repository:repo-name

Search queries for all Debian-specific (and related) package types

Search by component:
deb_component:unstable

Search queries for all Maven-specific (and related) package types

Search by group ID:
maven_group_id:org.apache

Search queries for all Docker-specific (and related) package types

Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)

Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)

Field type modifiers (which modifiers a field accepts depends on the field's type)

For all queries, you can use:
~foo for negation

For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching

For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal
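Worked example, added here and not part of the Cloudsmith help page: a parser and serialiser for the query syntax documented above, for scripts that assemble a query from variables (a package name containing a space, a date expression) and should quote and classify each term rather than concatenate strings. The grammar is reconstructed from the help text; two details it leaves implicit are assumptions in this code: modifiers are written against the value part of a term (name:~foo, size:>=100), and AND / OR / NOT are upper-case keywords.

```python
"""Parse and re-emit queries in the package search syntax documented above.

Added example, not Cloudsmith's own code. Assumptions: modifiers attach to
the value part of a term (name:~foo, size:>=100) and the boolean keywords
are upper-case AND / OR / NOT.
"""
import shlex
from dataclasses import dataclass
from typing import List, Optional, Union

# Documented fields, grouped by which modifiers the help text says they accept.
STRING_FIELDS = {"name", "filename", "tag", "architecture", "distribution",
                 "license", "format", "status", "checksum", "severity", "type",
                 "dependency", "entitlement", "repository", "deb_component",
                 "maven_group_id", "docker_image_digest", "docker_layer_digest"}
RANGE_FIELDS = {"version", "vulnerabilities", "downloads", "size", "uploaded"}
BOOL_FIELDS = {"prerelease", "policy_violated", "deny_policy_violated",
               "license_policy_violated", "vulnerability_policy_violated"}
KEYWORDS = {"AND", "OR", "NOT"}
COMPARATORS = (">=", "<=", ">", "<")   # two-character forms must be tried first


@dataclass
class Term:
    field: Optional[str]               # None for an implicit term such as "latest"
    value: str
    negated: bool = False              # ~foo
    comparator: Optional[str] = None   # >foo, >=foo, <foo, <=foo (range fields only)
    anchor_start: bool = False         # ^foo (string fields only)
    anchor_end: bool = False           # foo$ (string fields only)
    wildcard: bool = False             # foo*bar (string fields only)


def parse_term(raw: str) -> Term:
    """Split one field:value token into its field, modifiers and bare value."""
    field, sep, value = raw.partition(":")
    if not sep:                        # implicit term: no field name given
        field, value = None, raw
    elif field not in STRING_FIELDS | RANGE_FIELDS | BOOL_FIELDS:
        raise ValueError(f"unknown search field {field!r}")
    negated = value.startswith("~")
    if negated:
        value = value[1:]
    term = Term(field=field, value=value, negated=negated)
    if field in RANGE_FIELDS:
        for cmp in COMPARATORS:
            if value.startswith(cmp):
                term.comparator, term.value = cmp, value[len(cmp):]
                break
    elif field in BOOL_FIELDS:
        if value not in ("true", "false"):
            raise ValueError(f"{field} expects true or false, got {value!r}")
    else:                              # string fields and implicit terms
        if value.startswith("^"):
            term.anchor_start, value = True, value[1:]
        if value.endswith("$"):
            term.anchor_end, value = True, value[:-1]
        term.wildcard = "*" in value
        term.value = value
    return term


def parse_query(query: str) -> List[Union[Term, str]]:
    """Tokenise a whole query, keeping AND/OR/NOT as plain strings.

    shlex honours double quotes, so uploaded:>"1 day ago" stays one token.
    """
    return [tok if tok in KEYWORDS else parse_term(tok)
            for tok in shlex.split(query, posix=True)]


def render_term(term: Term) -> str:
    """Serialise a Term back into the documented syntax, quoting spaces."""
    value = f'"{term.value}"' if " " in term.value else term.value
    if term.comparator:
        value = term.comparator + value
    elif term.field not in BOOL_FIELDS:
        value = ("^" if term.anchor_start else "") + value + ("$" if term.anchor_end else "")
    if term.negated:
        value = "~" + value
    return f"{term.field}:{value}" if term.field else value


def render_query(parts: List[Union[Term, str]]) -> str:
    return " ".join(p if isinstance(p, str) else render_term(p) for p in parts)


if __name__ == "__main__":
    q = 'format:docker AND severity:critical AND uploaded:>"1 day ago" AND name:~^test*'
    for part in parse_query(q):
        print(part)
    print(render_query(parse_query(q)))
```

A query built this way round-trips unchanged through parse_query and render_query, and an unknown field name or a non-boolean value for a policy field is rejected before the query is sent rather than silently matching nothing.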

Public repository: cloudsmith (Cloudsmith) / examples
An example repository filled with awesome examples from the examples GitHub project.

Docker package: example  8feacf9285cf2fbb6abcc649253…

One-liner (summary)

A certifiably-awesome package curated by Ciara Carey, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by Ciara Carey, hosted by Cloudsmith.

License

Unknown

Size

354.1 MB

Downloads

1

Tags

image amd64 linux latest

Status  Completed
GPG Signature
Storage Region  Dublin, Ireland
Type  Binary (contains binaries and binary artifacts)
Uploaded At 1 year, 8 months ago
Uploaded By ciara-carey
Slug Id example-aVK
Unique Id x2I9KbuNHeoX
Version (Raw) 8feacf9285cf2fbb6abcc649253345ed7edff25d0de0c824cdd384a56671b1a3
Version (Parsed)
  • Type: Unknown
  docker-specific metadata
Image Digest sha256:8feacf9285cf2fbb6abcc649253345ed7edff25d0de0c824cdd384a56671b1a3
Config Digest sha256:0d7ac69684ad83d206968fcf388ffa7a32c66dc89e23df9b4855e46194f69cdc
V1 OCI Index Digest sha256:2086619083d7428143da88c783d18feef3c0a50bde9f2dab639c4c008e98a150
V1 Distribution (Signed) Digest sha256:cf38098a029f7595a6f9d9a23152aadf0a484a3a9213ff75cf44fbcc9106fe7e
V1 OCI Digest sha256:1501aa661173008bbe77796343684888a39469fef86c1cb2af5f0cd607932a8f
V2 Distribution List Digest sha256:ac8d04eb0ff24ec6e8dbe1663b48c54659a86e684cc5e91284dd2f6107d3e33b
V1 Distribution Digest sha256:3bdc9e5e21d7850bbadb737e34548b8f80587409ba2834573bfe20a57766da82
V2 Distribution Digest sha256:8feacf9285cf2fbb6abcc649253345ed7edff25d0de0c824cdd384a56671b1a3
  Cosign Manifests
ATT example (sha256:a28e2b0a7abe36b431b56d4123f5b7ad378bf58b6813b27a5231c9271380028a)
ATT example (sha256:5c181e9f9e336a0494185298c79ea24f004f07df5271509d38b4211abccd805a)
SIG example (sha256:d523f4db91f8dcf4653b40c41c9752d4d4d8902824326483d73028cce9db7b31)
  extended metadata
Manifest Type V2 Distribution
Architecture amd64
Config
Container 3d8fa3a2e98a053a4f0e8e0ce1655b3b458c2114c60d149e644c1d5bd30b218f
Container Config
Created 2022-07-18 15:37:02 UTC
Docker Version 20.10.17+azure-1
Os linux

This package was uploaded with the following V2 Distribution manifest:

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 8477,
      "digest": "sha256:c4714ec1deb97bf1f198adf053fbee645f7f7d0fdff0d2802a0f01f3c998f4e0"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 54999406,
         "digest": "sha256:d836772a1c1f9c4b1f280fb2a98ace30a4c4c87370f89aa092b35dfd9556278a"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 5156110,
         "digest": "sha256:66a9e63c657ad881997f5165c0826be395bfc064415876b9fbaae74bcb5dc721"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 10876416,
         "digest": "sha256:d1989b6e74cfdda1591b9dd23be47c5caeb002b7a151379361ec0c3f0e6d0e52"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 54579006,
         "digest": "sha256:c28818711e1ed38df107014a20127b41491b224d7aed8aa7066b55552d9600d2"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 196774352,
         "digest": "sha256:5084fa7ebd744165b15df008a9c14db7fc3d6af34cce64ba85bbaa348af594a3"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 4200,
         "digest": "sha256:3edb14de22dabcf57b4d2102a3e952f3b6a2ede9126a0d5eaad1ee43463993d1"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 45771940,
         "digest": "sha256:9dd3efa30ca7415d18ee1b8ccb7dc19b86db0584cc676252815811450d8bd17f"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 2290258,
         "digest": "sha256:52a5333c4aeb8db1a0b9873f7f8176659ea65dd6c5afff8da8ed2786b9831909"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 450,
         "digest": "sha256:2d09a6fe467be8ecdd436e8834a9adcad13fb9178b1d44239e9f5725e465dc0a"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 92,
         "digest": "sha256:ab854d7a425e040a0d28776e29f633b417ee358c93e360a8f14ee96e7189791a"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 620,
         "digest": "sha256:57328492cdb80c4c14e75600d08009f738f208285dbfb8f8bf7cb11ffcfccbbf"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 891881,
         "digest": "sha256:a17fa93dabe97fdde54f74f694f6753276d9dd0c1f92c021129802a9717d33ba"
      }
   ]
}
Image history (one entry per Dockerfile instruction: layer digest, command, compressed size):

Digest: sha256:d836772a1c1f9c4b1f280fb2a98ace30a4c4c87370f89aa092b35dfd9556278a
Command: /bin/sh -c #(nop) ADD file:3451708ab45bc1bcfc1ebb2075d3af16767477cbeb79334959e0d1ff02b0864b in /
52.5 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["bash"]
32 bytes
Digest: sha256:66a9e63c657ad881997f5165c0826be395bfc064415876b9fbaae74bcb5dc721
Command: /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends ca-certificates curl netbase wget ; rm -rf /var/lib/apt/lists/*
4.9 MB
Digest: sha256:d1989b6e74cfdda1591b9dd23be47c5caeb002b7a151379361ec0c3f0e6d0e52
Command: /bin/sh -c set -ex; if ! command -v gpg > /dev/null; then apt-get update; apt-get install -y --no-install-recommends gnupg dirmngr ; rm -rf /var/lib/apt/lists/*; fi
10.4 MB
Digest: sha256:c28818711e1ed38df107014a20127b41491b224d7aed8aa7066b55552d9600d2
Command: /bin/sh -c apt-get update && apt-get install -y --no-install-recommends git mercurial openssh-client subversion procps && rm -rf /var/lib/apt/lists/*
52.1 MB
Digest: sha256:5084fa7ebd744165b15df008a9c14db7fc3d6af34cce64ba85bbaa348af594a3
Command: /bin/sh -c set -ex; apt-get update; apt-get install -y --no-install-recommends autoconf automake bzip2 dpkg-dev file g++ gcc imagemagick libbz2-dev libc6-dev libcurl4-openssl-dev libdb-dev libevent-dev libffi-dev libgdbm-dev libglib2.0-dev libgmp-dev libjpeg-dev libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev libmaxminddb-dev libncurses5-dev libncursesw5-dev libpng-dev libpq-dev libreadline-dev libsqlite3-dev libssl-dev libtool libwebp-dev libxml2-dev libxslt-dev libyaml-dev make patch unzip xz-utils zlib1g-dev $( if apt-cache show 'default-libmysqlclient-dev' 2>/dev/null | grep -q '^Version:'; then echo 'default-libmysqlclient-dev'; else echo 'libmysqlclient-dev'; fi ) ; rm -rf /var/lib/apt/lists/*
187.7 MB
Digest: sha256:3edb14de22dabcf57b4d2102a3e952f3b6a2ede9126a0d5eaad1ee43463993d1
Command: /bin/sh -c groupadd --gid 1000 node && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
4.1 KB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENV NODE_VERSION=18.6.0
32 bytes
Digest: sha256:9dd3efa30ca7415d18ee1b8ccb7dc19b86db0584cc676252815811450d8bd17f
Command: /bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)" && case "${dpkgArch##*-}" in amd64) ARCH='x64';; ppc64el) ARCH='ppc64le';; s390x) ARCH='s390x';; arm64) ARCH='arm64';; armhf) ARCH='armv7l';; i386) ARCH='x86';; *) echo "unsupported architecture"; exit 1 ;; esac && set -ex && for key in … ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; done && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt && ln -s /usr/local/bin/node /usr/local/bin/nodejs && node --version && npm --version
43.7 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENV YARN_VERSION=1.22.19
32 bytes
Digest: sha256:52a5333c4aeb8db1a0b9873f7f8176659ea65dd6c5afff8da8ed2786b9831909
Command: /bin/sh -c set -ex && for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; done && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && mkdir -p /opt && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && yarn --version
2.2 MB
Digest: sha256:2d09a6fe467be8ecdd436e8834a9adcad13fb9178b1d44239e9f5725e465dc0a
Command: /bin/sh -c #(nop) COPY file:4d192565a7220e135cab6c77fbc1c73211b69f3d9fb37e62857b2c6eb9363d51 in /usr/local/bin/
450 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENTRYPOINT ["docker-entrypoint.sh"]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["node"]
32 bytes
Digest: sha256:ab854d7a425e040a0d28776e29f633b417ee358c93e360a8f14ee96e7189791a
Command: /bin/sh -c #(nop) WORKDIR /app
92 bytes
Digest: sha256:57328492cdb80c4c14e75600d08009f738f208285dbfb8f8bf7cb11ffcfccbbf
Command: /bin/sh -c #(nop) COPY multi:2dadb333806e50aa09b0e2ce21aa179830b41d4879ee9660f0977063be9c49a0 in ./
620 bytes
Digest: sha256:a17fa93dabe97fdde54f74f694f6753276d9dd0c1f92c021129802a9717d33ba
Command: /bin/sh -c npm install
871.0 KB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "bash"]
32 bytes
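Worked example, added here and not code from Cloudsmith or Docker: the checks a consumer can run against the manifest and history shown above. The twelve layer sizes in the manifest sum to 371344731 bytes, which is the 354.1 MB (MiB) the page reports as the package size; the six history entries whose digest is sha256:a3ed95ca… (the CMD, ENV and ENTRYPOINT steps, 32 bytes each) are Docker's empty-layer digest for metadata-only instructions, which is why eighteen history entries map to twelve manifest layers. The cosign_tags helper derives the tag names under which cosign stores the SIG and ATT manifests listed in the Cosign Manifests section. MANIFEST is transcribed from the page; the blob bytes used in the tests are constructed.

```python
"""Sanity checks on the V2 distribution manifest shown above.

Added example, not Cloudsmith's or Docker's own code. MANIFEST is the
manifest from this page with one line per layer; the blob bytes fed to
verify_blob in the tests are constructed, not layers from the image.
"""
import hashlib
import re
from typing import Dict, List, Tuple

DOCKER_MANIFEST_V2 = "application/vnd.docker.distribution.manifest.v2+json"
DOCKER_CONFIG = "application/vnd.docker.container.image.v1+json"
DOCKER_LAYER_GZIP = "application/vnd.docker.image.rootfs.diff.tar.gzip"
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

# Docker's well-known digest of the empty gzipped tar (32 bytes). History
# entries for metadata-only instructions (ENV, CMD, ENTRYPOINT, ...) carry
# it and are not listed as layers in the manifest.
EMPTY_LAYER = "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"

IMAGE_DIGEST = "sha256:8feacf9285cf2fbb6abcc649253345ed7edff25d0de0c824cdd384a56671b1a3"

MANIFEST: Dict = {
    "schemaVersion": 2,
    "mediaType": DOCKER_MANIFEST_V2,
    "config": {"mediaType": DOCKER_CONFIG, "size": 8477,
               "digest": "sha256:c4714ec1deb97bf1f198adf053fbee645f7f7d0fdff0d2802a0f01f3c998f4e0"},
    "layers": [
        {"mediaType": DOCKER_LAYER_GZIP, "size": 54999406, "digest": "sha256:d836772a1c1f9c4b1f280fb2a98ace30a4c4c87370f89aa092b35dfd9556278a"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 5156110, "digest": "sha256:66a9e63c657ad881997f5165c0826be395bfc064415876b9fbaae74bcb5dc721"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 10876416, "digest": "sha256:d1989b6e74cfdda1591b9dd23be47c5caeb002b7a151379361ec0c3f0e6d0e52"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 54579006, "digest": "sha256:c28818711e1ed38df107014a20127b41491b224d7aed8aa7066b55552d9600d2"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 196774352, "digest": "sha256:5084fa7ebd744165b15df008a9c14db7fc3d6af34cce64ba85bbaa348af594a3"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 4200, "digest": "sha256:3edb14de22dabcf57b4d2102a3e952f3b6a2ede9126a0d5eaad1ee43463993d1"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 45771940, "digest": "sha256:9dd3efa30ca7415d18ee1b8ccb7dc19b86db0584cc676252815811450d8bd17f"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 2290258, "digest": "sha256:52a5333c4aeb8db1a0b9873f7f8176659ea65dd6c5afff8da8ed2786b9831909"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 450, "digest": "sha256:2d09a6fe467be8ecdd436e8834a9adcad13fb9178b1d44239e9f5725e465dc0a"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 92, "digest": "sha256:ab854d7a425e040a0d28776e29f633b417ee358c93e360a8f14ee96e7189791a"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 620, "digest": "sha256:57328492cdb80c4c14e75600d08009f738f208285dbfb8f8bf7cb11ffcfccbbf"},
        {"mediaType": DOCKER_LAYER_GZIP, "size": 891881, "digest": "sha256:a17fa93dabe97fdde54f74f694f6753276d9dd0c1f92c021129802a9717d33ba"},
    ],
}


def validate_manifest(manifest: Dict) -> List[str]:
    """Return a list of problems; an empty list means the manifest is well formed."""
    problems: List[str] = []
    if manifest.get("schemaVersion") != 2:
        problems.append("schemaVersion is not 2")
    if manifest.get("mediaType") != DOCKER_MANIFEST_V2:
        problems.append(f"unexpected manifest mediaType {manifest.get('mediaType')!r}")
    descriptors = [("config", manifest.get("config", {}), DOCKER_CONFIG)]
    descriptors += [(f"layers[{i}]", d, DOCKER_LAYER_GZIP)
                    for i, d in enumerate(manifest.get("layers", []))]
    for name, desc, want_type in descriptors:
        if not DIGEST_RE.match(str(desc.get("digest", ""))):
            problems.append(f"{name}: digest is not sha256:<64 hex digits>")
        if not isinstance(desc.get("size"), int) or desc["size"] < 0:
            problems.append(f"{name}: size must be a non-negative integer")
        if desc.get("mediaType") != want_type:
            problems.append(f"{name}: mediaType {desc.get('mediaType')!r} != {want_type!r}")
    return problems


def layers_total(manifest: Dict) -> int:
    """Sum of compressed layer sizes; the layers alone account for the 354.1 MB
    (371344731 bytes, i.e. MiB) this page reports as the package size."""
    return sum(layer["size"] for layer in manifest["layers"])


def blob_digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()


def verify_blob(data: bytes, descriptor: Dict) -> bool:
    """The content-addressed check a registry client makes on every pulled blob:
    both the byte count and the digest must match the descriptor."""
    return len(data) == descriptor["size"] and blob_digest(data) == descriptor["digest"]


def cosign_tags(image_digest: str) -> Tuple[str, str]:
    """Tags under which cosign stores the signature (.sig) and attestation
    (.att) manifests for an image digest: the SIG and ATT entries above."""
    algo, _, hex_digest = image_digest.partition(":")
    return f"{algo}-{hex_digest}.sig", f"{algo}-{hex_digest}.att"


def is_empty_layer(digest: str) -> bool:
    return digest == EMPTY_LAYER


if __name__ == "__main__":
    print("problems:", validate_manifest(MANIFEST) or "none")
    print("layers total:", layers_total(MANIFEST), "bytes")
    print("cosign tags:", cosign_tags(IMAGE_DIGEST))
```

Note that blob_digest applies to the exact bytes served by the registry; the manifest digest (the Version shown on this page) is likewise the hash of the manifest bytes as uploaded, so it cannot be reproduced by re-serialising the pretty-printed JSON above.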

Last scanned

1 year, 8 months ago

Scan result

Vulnerable

Vulnerability count

1126

Max. severity

Critical
Target: . (debian 11.4)
CRITICAL

CVE-2021-22945: curl: use-after-free and double-free in MQTT sending

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com www.oracle.com
CRITICAL

CVE-2022-32207: curl: Unpreserved file permissions

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
CRITICAL

CVE-2021-30473: aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.

Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:

References: aomedia.googlesource.com bugs.chromium.org lists.fedoraproject.org
CRITICAL

CVE-2021-30474: aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...

aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.

Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:

References: aomedia.googlesource.com bugs.chromium.org
CRITICAL

CVE-2021-30475: aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...

aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.

Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:

References: aomedia.googlesource.com bugs.chromium.org lists.fedoraproject.org
CRITICAL

CVE-2021-22945: curl: use-after-free and double-free in MQTT sending

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com www.oracle.com
CRITICAL

CVE-2022-32207: curl: Unpreserved file permissions

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
CRITICAL

CVE-2021-22945: curl: use-after-free and double-free in MQTT sending

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com www.oracle.com
CRITICAL

CVE-2022-32207: curl: Unpreserved file permissions

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
CRITICAL

CVE-2021-22945: curl: use-after-free and double-free in MQTT sending

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com www.oracle.com
CRITICAL

CVE-2022-32207: curl: Unpreserved file permissions

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
CRITICAL

CVE-2019-8457: sqlite: heap out-of-bound read in function rtreenode()

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

Package Name: libdb5.3
Installed Version: 5.3.28+dfsg1-0.8
Fixed Version:

References: lists.opensuse.org access.redhat.com cve.mitre.org kc.mcafee.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com www.oracle.com www.oracle.com www.oracle.com www.oracle.com www.sqlite.org www.sqlite.org
CRITICAL

CVE-2019-8457: sqlite: heap out-of-bound read in function rtreenode()

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

Package Name: libdb5.3-dev
Installed Version: 5.3.28+dfsg1-0.8
Fixed Version:

References: lists.opensuse.org access.redhat.com cve.mitre.org kc.mcafee.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com www.oracle.com www.oracle.com www.oracle.com www.oracle.com www.sqlite.org www.sqlite.org
CRITICAL

CVE-2022-1253: Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com huntr.dev
CRITICAL

CVE-2022-32081: mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc

MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
CRITICAL

CVE-2022-32091: mariadb: server crash in JOIN_CACHE::free or in copy_fields

MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
CRITICAL

CVE-2022-32081: mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc

MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
CRITICAL

CVE-2022-32091: mariadb: server crash in JOIN_CACHE::free or in copy_fields

MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
CRITICAL

CVE-2022-32081: mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc

MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
CRITICAL

CVE-2022-32091: mariadb: server crash in JOIN_CACHE::free or in copy_fields

MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
CRITICAL

CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Package Name: libpcre2-16-0
Installed Version: 10.36-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov
CRITICAL

CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Package Name: libpcre2-16-0
Installed Version: 10.36-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov
CRITICAL

CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Package Name: libpcre2-32-0
Installed Version: 10.36-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov
CRITICAL

CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Package Name: libpcre2-32-0
Installed Version: 10.36-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov
CRITICAL

CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Package Name: libpcre2-8-0
Installed Version: 10.36-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov
CRITICAL

CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Package Name: libpcre2-8-0
Installed Version: 10.36-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov
CRITICAL

CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Package Name: libpcre2-dev
Installed Version: 10.36-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov
CRITICAL

CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Package Name: libpcre2-dev
Installed Version: 10.36-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov
CRITICAL

CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Package Name: libpcre2-posix2
Installed Version: 10.36-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov
CRITICAL

CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Package Name: libpcre2-posix2
Installed Version: 10.36-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov
CRITICAL

CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).

Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org github.com github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org mail.python.org nvd.nist.gov security.netapp.com ubuntu.com
CRITICAL

CVE-2021-29921: python-ipaddress: Improper input validation of octal strings

In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com python-security.readthedocs.io security.netapp.com sick.codes ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com www.oracle.com
CRITICAL

CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).

Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org github.com lists.fedoraproject.org mail.python.org nvd.nist.gov security.netapp.com ubuntu.com
CRITICAL

CVE-2021-29921: python-ipaddress: Improper input validation of octal strings

In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org docs.python.org errata.almalinux.org github.com linux.oracle.com python-security.readthedocs.io security.netapp.com sick.codes ubuntu.com www.oracle.com
CRITICAL

CVE-2022-32081: mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc

MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
CRITICAL

CVE-2022-32091: mariadb: server crash in JOIN_CACHE::free or in copy_fields

MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
CRITICAL

CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).

Package Name: python3.9
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org github.com lists.fedoraproject.org mail.python.org nvd.nist.gov security.netapp.com ubuntu.com
CRITICAL

CVE-2021-29921: python-ipaddress: Improper input validation of octal strings

In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Package Name: python3.9
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org docs.python.org errata.almalinux.org github.com linux.oracle.com python-security.readthedocs.io security.netapp.com sick.codes ubuntu.com www.oracle.com
CRITICAL

CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).

Package Name: python3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org github.com lists.fedoraproject.org mail.python.org nvd.nist.gov security.netapp.com ubuntu.com
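The four CVE-2015-20107 entries above (libpython3.9-minimal, libpython3.9-stdlib, python3.9, python3.9-minimal) describe the same flaw. As an added example, not code from this page, from CPython or from Debian, the block below models how a mailcap command is assembled from a caller-supplied filename, the refusal check the upstream fix introduced (its character class is reproduced; the real module returns (None, None) and emits a warning), a caller-side quoting defence that works on any Python, and a shell tokeniser that counts how many commands /bin/sh would actually run. The mailcap entry, the hostile filename and the function names are constructed for the demonstration.

```python
import re
import shlex

# Constructed stand-in for the system mailcap database (/etc/mailcap): one
# MIME type mapped to a viewer command with the %s filename placeholder.
MAILCAP = {"application/pdf": "xpdf %s"}

# Character class used by the upstream fix to decide that a filename is not
# safe to substitute into a shell command (anything outside word characters
# and a small set of punctuation is rejected).
_FIND_UNSAFE = re.compile(r"[^\xa1-\U0010FFFF\w@+=:,./-]").search

# Tokens that make /bin/sh do more than run the intended viewer command.
_SHELL_SEPARATORS = {";", "&", "|", "&&", "||", ";;", "(", ")", "`", "$", "<", ">"}


def build_command_unpatched(mime_type, filename):
    """Model of findmatch() before the fix: %s is replaced verbatim, so shell
    metacharacters in the filename land unchanged in the command string."""
    return MAILCAP[mime_type].replace("%s", filename)


def build_command_refusing(mime_type, filename):
    """Model of the patched findmatch(): refuse a filename that contains shell
    metacharacters (the real module returns (None, None) and warns)."""
    if _FIND_UNSAFE(filename):
        return None
    return MAILCAP[mime_type].replace("%s", filename)


def build_command_quoted(mime_type, filename):
    """Caller-side defence for applications that cannot upgrade: quote the
    filename so the shell sees it as a single argument, whatever it contains."""
    return MAILCAP[mime_type].replace("%s", shlex.quote(filename))


def shell_command_count(command):
    """Tokenise like a POSIX shell and count how many commands would run.
    Separators inside quotes are part of a word and are not counted."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return 1 + sum(1 for tok in lexer if tok in _SHELL_SEPARATORS)


if __name__ == "__main__":
    # Constructed attacker-controlled filename, e.g. from an upload form.
    hostile = "evil.pdf; touch /tmp/pwned"
    unpatched = build_command_unpatched("application/pdf", hostile)
    print(unpatched, "->", shell_command_count(unpatched), "command(s)")
    print("patched findmatch:", build_command_refusing("application/pdf", hostile))
    quoted = build_command_quoted("application/pdf", hostile)
    print(quoted, "->", shell_command_count(quoted), "command(s)")
```

The unpatched string runs two commands; the quoted string runs one, and the patched module refuses the input outright. Refusing rather than quoting is the upstream choice because mailcap entries may contain the filename in more than one place and under more than one placeholder, so a caller who needs a hostile name to work should write the data to a temporary file with a safe name and pass that instead.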
CRITICAL

CVE-2021-29921: python-ipaddress: Improper input validation of octal strings

In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Package Name: python3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org docs.python.org errata.almalinux.org github.com linux.oracle.com python-security.readthedocs.io security.netapp.com sick.codes ubuntu.com www.oracle.com
HIGH

CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Package Name: comerr-dev
Installed Version: 1.46.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com
HIGH

CVE-2021-22946: curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server returned a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS**, contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com lists.debian.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com www.oracle.com
HIGH

CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use

An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2022-27775: curl: bad local IPv6 connection reuse

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when asked to connect to an IPv6 address that was already in the connection pool but with a different zone id, curl could reuse the existing connection instead of opening a new one.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2022-27781: curl: CERTINFO never-ending busy-loop

libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org github.com hackerone.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2022-27782: curl: TLS and SSH connection too eager reuse

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Package Name: e2fsprogs
Installed Version: 1.46.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com
HIGH

CVE-2021-44648: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.

Package Name: gir1.2-gdkpixbuf-2.0
Installed Version: 2.42.2+dfsg-1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.gnome.org lists.fedoraproject.org sahildhar.github.io
HIGH

CVE-2022-24765: git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.

Package Name: git
Installed Version: 1:2.30.2-1
Fixed Version:

References: seclists.org www.openwall.com access.redhat.com cve.mitre.org git-scm.com github.com lists.fedoraproject.org support.apple.com ubuntu.com
HIGH

CVE-2022-29187: git: Bypass of safe.directory protections

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 is vulnerable to privilege escalation on all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.

Package Name: git
Installed Version: 1:2.30.2-1
Fixed Version:

References: www.openwall.com access.redhat.com cve.mitre.org github.blog github.com lore.kernel.org ubuntu.com
HIGH

CVE-2022-24765: git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.

Package Name: git-man
Installed Version: 1:2.30.2-1
Fixed Version:

References: seclists.org www.openwall.com access.redhat.com cve.mitre.org git-scm.com github.com lists.fedoraproject.org support.apple.com ubuntu.com
HIGH

CVE-2022-29187: git: Bypass of safe.directory protections

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 is vulnerable to privilege escalation on all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.

Package Name: git-man
Installed Version: 1:2.30.2-1
Fixed Version:

References: www.openwall.com access.redhat.com cve.mitre.org github.blog github.com lore.kernel.org ubuntu.com
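The two git entries above (CVE-2022-24765 and CVE-2022-29187, listed for both git and git-man) are two halves of one story: git searches upward from the current directory for a `.git` directory and honours whatever config it finds there; the first fix added an ownership check on the discovered worktree, and the second tightened it because a root user in a root-owned `/tmp` still passed. The added example below, which is not git's code and not from this page, is a simplified Python model of that discovery walk with the documented `GIT_CEILING_DIRECTORIES` stop rule, followed by the two generations of ownership check and the `safe.directory` escape hatch. The filesystem (paths mapped to owner uids) and the attacker/victim uids are constructed; function names are hypothetical.

```python
from pathlib import PurePosixPath

# Constructed model of a multi-user host: every directory that exists, mapped
# to the uid that owns it.  A ".git" entry marks a repository at that place.
FS_OWNERS = {
    "/": 0,
    "/tmp": 0,                     # sticky, world-writable, owned by root
    "/tmp/.git": 1002,             # planted by the attacker (uid 1002)
    "/tmp/work": 0,                # where root happens to run git
    "/srv": 0,
    "/srv/share": 0,               # world-writable shared drive
    "/srv/share/.git": 1002,       # planted by the attacker
    "/srv/share/alice": 1001,
    "/srv/share/alice/proj": 1001, # alice's checkout-free working directory
}


def discover_worktree(cwd, fs=FS_OWNERS, ceiling_dirs=()):
    """Model of git's upward search for a .git directory, run before every
    command.  Returns the worktree git would adopt, or None.  The walk stops
    before climbing into any directory named in ceiling_dirs, which is the
    documented effect of GIT_CEILING_DIRECTORIES."""
    ceilings = {str(PurePosixPath(c)) for c in ceiling_dirs}
    cur = PurePosixPath(cwd)
    while True:
        if str(cur / ".git") in fs:
            return str(cur)
        parent = cur.parent
        if parent == cur or str(parent) in ceilings:
            return None
        cur = parent


def ownership_ok_2_35_2(worktree, uid, fs=FS_OWNERS, safe_directory=()):
    """Check introduced for CVE-2022-24765: refuse a worktree not owned by the
    current user unless it is listed in safe.directory.  Only the worktree
    directory itself is inspected."""
    return worktree in safe_directory or fs[worktree] == uid


def ownership_ok_2_37_1(worktree, uid, fs=FS_OWNERS, safe_directory=()):
    """Tightened check for CVE-2022-29187: the .git directory must be owned by
    the user as well, so a repository planted inside a root-owned /tmp is no
    longer trusted when root runs git there."""
    if worktree in safe_directory:
        return True
    gitdir = str(PurePosixPath(worktree) / ".git")
    return fs[worktree] == uid and fs[gitdir] == uid


def would_trust_repo(cwd, uid, check, fs=FS_OWNERS, ceiling_dirs=(), safe_directory=()):
    """End to end: does git started in cwd by uid end up honouring config from a
    discovered repository under the given ownership check?"""
    worktree = discover_worktree(cwd, fs, ceiling_dirs)
    if worktree is None:
        return False
    return check(worktree, uid, fs, safe_directory)


if __name__ == "__main__":
    # root in /tmp/work: the first fix is bypassed, the second one holds.
    print("root, 2.35.2 check:", would_trust_repo("/tmp/work", 0, ownership_ok_2_35_2))
    print("root, 2.37.1 check:", would_trust_repo("/tmp/work", 0, ownership_ok_2_37_1))
    # alice on the shared drive: the walk finds the planted repo, the check refuses it,
    # and a ceiling directory stops the walk from ever reaching it.
    print("alice finds:", discover_worktree("/srv/share/alice/proj"))
    print("alice with ceiling:", discover_worktree("/srv/share/alice/proj", ceiling_dirs=["/srv/share"]))
```

The model makes the CVE-2022-29187 text concrete: `/tmp` is owned by root, so a check that looks only at the worktree says yes to root, while the planted `/tmp/.git` belongs to uid 1002 and fails the tightened check. It also shows why the advisory's `GIT_CEILING_DIRECTORIES` workaround is set to the parent of the user's own tree: the walk then never leaves directories the user controls.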
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8 byte alignment, and for type 'float', which requires 4 byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8 byte alignment, and for type 'float', which requires 4 byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8 byte alignment, and for type 'float', which requires 4 byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com
HIGH

CVE-2020-0478: In extend_frame_lowbd of restoration.c, there is a possible out of bou ...

In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150780418

Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:

References: source.android.com
HIGH

CVE-2020-36131: AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...

AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.

Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:

References: aomedia.googlesource.com bugs.chromium.org cve.mitre.org
HIGH

CVE-2020-36133: AOM v2.0.1 was discovered to contain a global buffer overflow via the ...

AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.

Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:

References: aomedia.googlesource.com bugs.chromium.org cve.mitre.org
HIGH

CVE-2021-3999: glibc: Off-by-one buffer overflow/underflow in getcwd()

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com ubuntu.com www.openwall.com
HIGH

CVE-2021-3999: glibc: Off-by-one buffer overflow/underflow in getcwd()

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com ubuntu.com ubuntu.com www.openwall.com
HIGH

CVE-2021-3999: glibc: Off-by-one buffer overflow/underflow in getcwd()

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com ubuntu.com ubuntu.com www.openwall.com
HIGH

CVE-2021-3999: glibc: Off-by-one buffer overflow/underflow in getcwd()

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com ubuntu.com ubuntu.com www.openwall.com
HIGH

CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Package Name: libcom-err2
Installed Version: 1.46.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com
HIGH

CVE-2021-22946: curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com support.apple.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
HIGH

CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use

An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2022-27775: curl: bad local IPv6 connection reuse

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse the pooled connection instead of opening a new one.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2022-27781: curl: CERTINFO never-ending busy-loop

libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org github.com hackerone.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com
HIGH

CVE-2022-27782: curl: TLS and SSH connection too eager reuse

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2021-22946: curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com support.apple.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
HIGH

CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use

An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2022-27775: curl: bad local IPv6 connection reuse

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse the pooled connection instead of opening a new one.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2022-27781: curl: CERTINFO never-ending busy-loop

libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org github.com hackerone.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com
HIGH

CVE-2022-27782: curl: TLS and SSH connection too eager reuse

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2021-22946: curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com support.apple.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
HIGH

CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use

An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2022-27775: curl: bad local IPv6 connection reuse

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse the pooled connection instead of opening a new one.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2022-27781: curl: CERTINFO never-ending busy-loop

libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org github.com hackerone.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com
HIGH

CVE-2022-27782: curl: TLS and SSH connection too eager reuse

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
HIGH

CVE-2020-21598: libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...

libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: cwe.mitre.org github.com
HIGH

CVE-2021-36409: There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding a file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
HIGH

CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Package Name: libext2fs2
Installed Version: 1.46.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com
HIGH

CVE-2021-33560: libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Package Name: libgcrypt20
Installed Version: 1.8.7-6
Fixed Version:

References: access.redhat.com access.redhat.com cve.mitre.org dev.gnupg.org dev.gnupg.org dev.gnupg.org dev.gnupg.org eprint.iacr.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
HIGH

CVE-2021-44648: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow when decoding the LZW compressed stream of image data in GIF files with an LZW minimum code size equal to 12.

Package Name: libgdk-pixbuf-2.0-0
Installed Version: 2.42.2+dfsg-1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.gnome.org lists.fedoraproject.org lists.fedoraproject.org sahildhar.github.io
HIGH

CVE-2021-44648: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow when decoding the LZW compressed stream of image data in GIF files with an LZW minimum code size equal to 12.

Package Name: libgdk-pixbuf-2.0-dev
Installed Version: 2.42.2+dfsg-1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.gnome.org lists.fedoraproject.org lists.fedoraproject.org sahildhar.github.io
HIGH

CVE-2021-44648: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow when decoding the LZW compressed stream of image data in GIF files with an LZW minimum code size equal to 12.

Package Name: libgdk-pixbuf2.0-bin
Installed Version: 2.42.2+dfsg-1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.gnome.org lists.fedoraproject.org lists.fedoraproject.org sahildhar.github.io
HIGH

CVE-2021-44648: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow when decoding the LZW compressed stream of image data in GIF files with an LZW minimum code size equal to 12.

Package Name: libgdk-pixbuf2.0-common
Installed Version: 2.42.2+dfsg-1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.gnome.org lists.fedoraproject.org lists.fedoraproject.org sahildhar.github.io
HIGH

CVE-2020-23109: Buffer overflow vulnerability in function convert_colorspace in heif_c ...

Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.

Package Name: libheif1
Installed Version: 1.11.0-1
Fixed Version:

References: github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function in the dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function in the dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function in the dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
HIGH

CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
HIGH

CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com
HIGH

CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c

A vulnerability was found in ImageMagick that produces a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c

In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com github.com github.com
HIGH

CVE-2021-46669: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org jira.mariadb.org lists.fedoraproject.org lists.fedoraproject.org mariadb.com nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27376: mariadb: assertion failure in Item_args::walk_arg

MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27377: mariadb: use-after-poison when complex conversion is involved in blob

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27378: mariadb: server crash in create_tmp_table::finalize

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27379: mariadb: server crash in component arg_comparator::compare_real_fixed

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27380: mariadb: server crash at my_decimal::operator=

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27381: mariadb: server crash at Field::set_default via specially crafted SQL statements

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27382: mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27383: mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c

MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27384: mariadb: crash via component Item_subselect::init_expr_cache_tracker

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27385: mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27386: mariadb: server crashes in query_arena::set_query_arena upon SELECT from view

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27387: mariadb: assertion failures in decimal_bin_size

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27444: mariadb: crash when using HAVING with NOT EXIST predicate in an equality

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27445: mariadb: assertion failure in compare_order_elements

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27446: mariadb: crash when using HAVING with IS NULL predicate in an equality

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27447: mariadb: use-after-poison in Binary_string::free_buffer

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27448: mariadb: crash in multi-update and implicit grouping

There is an assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27449: mariadb: assertion failure in sql/item_func.cc

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27451: mariadb: crash via window function in expression in ORDER BY

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27452: mariadb: assertion failure in sql/item_cmpfunc.cc

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27455: mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org security.netapp.com
HIGH

CVE-2022-27456: mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27457: mariadb: incorrect key in "dup value" error after long unique

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27458: mariadb: use-after-poison in Binary_string::free_buffer

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-32082: mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32083: mariadb: server crash at Item_subselect::init_expr_cache_tracker

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32084: mariadb: segmentation fault via the component sub_select

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32085: mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32086: mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32087: mariadb: server crash in Item_args::walk_args

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32088: mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32089: mariadb: server crash in st_select_lex_unit::exclude_level

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2021-46669: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org jira.mariadb.org lists.fedoraproject.org lists.fedoraproject.org mariadb.com nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27376: mariadb: assertion failure in Item_args::walk_arg

MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27377: mariadb: use-after-poison when complex conversion is involved in blob

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27378: mariadb: server crash in create_tmp_table::finalize

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27379: mariadb: server crash in component arg_comparator::compare_real_fixed

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27380: mariadb: server crash at my_decimal::operator=

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27381: mariadb: server crash at Field::set_default via specially crafted SQL statements

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27382: mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27383: mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c

MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27384: mariadb: crash via component Item_subselect::init_expr_cache_tracker

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27385: mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27386: mariadb: server crashes in query_arena::set_query_arena upon SELECT from view

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27387: mariadb: assertion failures in decimal_bin_size

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27444: mariadb: crash when using HAVING with NOT EXIST predicate in an equality

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27445: mariadb: assertion failure in compare_order_elements

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27446: mariadb: crash when using HAVING with IS NULL predicate in an equality

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27447: mariadb: use-after-poison in Binary_string::free_buffer

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27448: mariadb: crash in multi-update and implicit grouping

There is an assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27449: mariadb: assertion failure in sql/item_func.cc

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27451: mariadb: crash via window function in expression in ORDER BY

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27452: mariadb: assertion failure in sql/item_cmpfunc.cc

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27455: mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org security.netapp.com
HIGH

CVE-2022-27456: mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27457: mariadb: incorrect key in "dup value" error after long unique

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27458: mariadb: use-after-poison in Binary_string::free_buffer

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-32082: mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32083: mariadb: server crash at Item_subselect::init_expr_cache_tracker

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32084: mariadb: segmentation fault via the component sub_select

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32085: mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32086: mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32087: mariadb: server crash in Item_args::walk_args

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32088: mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32089: mariadb: server crash in st_select_lex_unit::exclude_level

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2021-46669: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org jira.mariadb.org lists.fedoraproject.org lists.fedoraproject.org mariadb.com nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27376: mariadb: assertion failure in Item_args::walk_arg

MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27377: mariadb: use-after-poison when complex conversion is involved in blob

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27378: mariadb: server crash in create_tmp_table::finalize

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27379: mariadb: server crash in component arg_comparator::compare_real_fixed

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27380: mariadb: server crash at my_decimal::operator=

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27381: mariadb: server crash at Field::set_default via specially crafted SQL statements

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27382: mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27383: mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c

MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27384: mariadb: crash via component Item_subselect::init_expr_cache_tracker

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27385: mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27386: mariadb: server crashes in query_arena::set_query_arena upon SELECT from view

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27387: mariadb: assertion failures in decimal_bin_size

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27444: mariadb: crash when using HAVING with NOT EXIST predicate in an equality

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27445: mariadb: assertion failure in compare_order_elements

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27446: mariadb: crash when using HAVING with IS NULL predicate in an equality

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27447: mariadb: use-after-poison in Binary_string::free_buffer

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27448: mariadb: crash in multi-update and implicit grouping

There is an assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27449: mariadb: assertion failure in sql/item_func.cc

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27451: mariadb: crash via window function in expression in ORDER BY

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27452: mariadb: assertion failure in sql/item_cmpfunc.cc

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27455: mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org security.netapp.com
HIGH

CVE-2022-27456: mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27457: mariadb: incorrect key in "dup value" error after long unique

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27458: mariadb: use-after-poison in Binary_string::free_buffer

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-32082: mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32083: mariadb: server crash at Item_subselect::init_expr_cache_tracker

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32084: mariadb: segmentation fault via the component sub_select

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32085: mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32086: mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32087: mariadb: server crash in Item_args::walk_args

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32088: mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32089: mariadb: server crash in st_select_lex_unit::exclude_level

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-29458: ncurses: segfaulting OOB read

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Package Name: libncurses-dev
Installed Version: 6.2+20201114-2
Fixed Version:

References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
HIGH

CVE-2022-29458: ncurses: segfaulting OOB read

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Package Name: libncurses5-dev
Installed Version: 6.2+20201114-2
Fixed Version:

References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
HIGH

CVE-2022-29458: ncurses: segfaulting OOB read

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Package Name: libncurses6
Installed Version: 6.2+20201114-2
Fixed Version:

References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
HIGH

CVE-2022-29458: ncurses: segfaulting OOB read

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Package Name: libncursesw5-dev
Installed Version: 6.2+20201114-2
Fixed Version:

References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
HIGH

CVE-2022-29458: ncurses: segfaulting OOB read

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Package Name: libncursesw6
Installed Version: 6.2+20201114-2
Fixed Version:

References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
HIGH

CVE-2021-3575: openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org ubuntu.com
HIGH

CVE-2021-3575: openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org ubuntu.com
HIGH

CVE-2020-16156: perl-CPAN: Bypass of verification of signatures in CHECKSUMS files

CPAN 2.28 allows Signature Verification Bypass.

Package Name: libperl5.32
Installed Version: 5.32.1-4+deb11u2
Fixed Version:

References: blogs.perl.org access.redhat.com blog.hackeriet.no cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org metacpan.org
HIGH

CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov python-security.readthedocs.io security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
HIGH

CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com
HIGH

CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov python-security.readthedocs.io security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
HIGH

CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com
HIGH

CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Package Name: libss2
Installed Version: 1.46.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com
HIGH

CVE-2022-2097: openssl: AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Package Name: libssl-dev
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:

References: access.redhat.com crates.io cve.mitre.org git.openssl.org git.openssl.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov rustsec.org security.netapp.com ubuntu.com www.openssl.org
HIGH

CVE-2022-2097: openssl: AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Package Name: libssl1.1
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:

References: access.redhat.com crates.io cve.mitre.org git.openssl.org git.openssl.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov rustsec.org security.netapp.com ubuntu.com www.openssl.org
HIGH

CVE-2022-29458: ncurses: segfaulting OOB read

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Package Name: libtinfo6
Installed Version: 6.2+20201114-2
Fixed Version:

References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
HIGH

CVE-2013-7445: kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.kernel.org cve.mitre.org lists.freedesktop.org
HIGH

CVE-2019-19378: kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org github.com security.netapp.com
HIGH

CVE-2019-19449: kernel: mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org github.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
HIGH

CVE-2019-19814: kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org github.com security.netapp.com
HIGH

CVE-2020-12362: kernel: Integer overflow in Intel(R) Graphics Drivers

Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com www.intel.com
HIGH

CVE-2021-3847: kernel: low-privileged user privileges escalation

A flaw allowing unauthorized execution of a setuid file with capabilities was found in the Linux kernel OverlayFS subsystem, in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.openwall.com
HIGH

CVE-2021-3864: kernel: descendant's dumpable setting with certain SUID binaries

A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with an eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org lore.kernel.org lore.kernel.org lore.kernel.org www.openwall.com
HIGH

CVE-2021-39686: kernel: race condition in the Android binder driver could lead to incorrect security checks

In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-200688826. References: Upstream kernel.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com android.googlesource.com android.googlesource.com android.googlesource.com android.googlesource.com cve.mitre.org source.android.com
HIGH

CVE-2021-4204: kernel: improper input validation may lead to privilege escalation

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org git.launchpad.net ubuntu.com ubuntu.com ubuntu.com www.openwall.com
HIGH

CVE-2022-0500: kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org git.kernel.org git.kernel.org git.kernel.org git.kernel.org git.kernel.org git.kernel.org git.kernel.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-1247: kernel: A race condition bug in rose_connect()

No description is available for this CVE.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com
HIGH

CVE-2022-1679: kernel: Use-After-Free in ath9k_htc_probe_device() could cause an escalation of privileges

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org git.kernel.org lore.kernel.org lore.kernel.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com
HIGH

CVE-2022-1882: kernel: Use-After-Free in free_pipe_info() could cause an escalation of privileges

A use-after-free flaw was found in the Linux kernel’s pipes functionality, in how a user performs manipulations on the pipe via post_one_notification() after free_pipe_info() has already been called. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-26365: Linux disk/nic frontends data leaks T[his CNA information record relat ...

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com xenbits.xen.org lists.fedoraproject.org xenbits.xenproject.org
HIGH

CVE-2022-33740: Linux disk/nic frontends data leaks T[his CNA information record relat ...

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com xenbits.xen.org lists.fedoraproject.org xenbits.xenproject.org
HIGH

CVE-2022-33741: Linux disk/nic frontends data leaks T[his CNA information record relat ...

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com xenbits.xen.org lists.fedoraproject.org xenbits.xenproject.org
HIGH

CVE-2022-33742: Linux disk/nic frontends data leaks T[his CNA information record relat ...

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com xenbits.xen.org lists.fedoraproject.org xenbits.xenproject.org
HIGH

CVE-2022-33743: network backend may cause Linux netfront to use freed SKBs While addin ...

network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com xenbits.xen.org nvd.nist.gov xenbits.xenproject.org
HIGH

CVE-2022-34918: kernel: heap overflow in nft_set_elem_init()

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com access.redhat.com git.kernel.org lore.kernel.org lore.kernel.org lore.kernel.org nvd.nist.gov www.openwall.com
HIGH

CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Package Name: logsave
Installed Version: 1.46.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com
HIGH

CVE-2021-46669: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org jira.mariadb.org lists.fedoraproject.org lists.fedoraproject.org mariadb.com nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27376: mariadb: assertion failure in Item_args::walk_arg

MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27377: mariadb: use-after-poison when complex conversion is involved in blob

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27378: mariadb: server crash in create_tmp_table::finalize

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27379: mariadb: server crash in component arg_comparator::compare_real_fixed

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27380: mariadb: server crash at my_decimal::operator=

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27381: mariadb: server crash at Field::set_default via specially crafted SQL statements

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27382: mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27383: mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c

MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27384: mariadb: crash via component Item_subselect::init_expr_cache_tracker

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27385: mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27386: mariadb: server crashes in query_arena::set_query_arena upon SELECT from view

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27387: mariadb: assertion failures in decimal_bin_size

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27444: mariadb: crash when using HAVING with NOT EXIST predicate in an equality

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27445: mariadb: assertion failure in compare_order_elements

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27446: mariadb: crash when using HAVING with IS NULL predicate in an equality

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27447: mariadb: use-after-poison in Binary_string::free_buffer

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27448: mariadb: crash in multi-update and implicit grouping

There is an assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27449: mariadb: assertion failure in sql/item_func.cc

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27451: mariadb: crash via window function in expression in ORDER BY

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27452: mariadb: assertion failure in sql/item_cmpfunc.cc

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27455: mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org security.netapp.com
HIGH

CVE-2022-27456: mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27457: mariadb: incorrect key in "dup value" error after long unique

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-27458: mariadb: use-after-poison in Binary_string::free_buffer

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com
HIGH

CVE-2022-32082: mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32083: mariadb: server crash at Item_subselect::init_expr_cache_tracker

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32084: mariadb: segmentation fault via the component sub_select

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32085: mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32086: mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32087: mariadb: server crash in Item_args::walk_args

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32088: mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-32089: mariadb: server crash in st_select_lex_unit::exclude_level

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:

References: access.redhat.com jira.mariadb.org
HIGH

CVE-2022-29458: ncurses: segfaulting OOB read

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Package Name: ncurses-base
Installed Version: 6.2+20201114-2
Fixed Version:

References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
HIGH

CVE-2022-29458: ncurses: segfaulting OOB read

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Package Name: ncurses-bin
Installed Version: 6.2+20201114-2
Fixed Version:

References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
HIGH

CVE-2021-41617: openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.suse.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.openssh.com www.openssh.com www.openwall.com www.oracle.com
HIGH

CVE-2022-2097: openssl: AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Package Name: openssl
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:

References: access.redhat.com crates.io cve.mitre.org git.openssl.org git.openssl.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov rustsec.org security.netapp.com ubuntu.com www.openssl.org
HIGH

CVE-2020-16156: perl-CPAN: Bypass of verification of signatures in CHECKSUMS files

CPAN 2.28 allows Signature Verification Bypass.

Package Name: perl
Installed Version: 5.32.1-4+deb11u2
Fixed Version:

References: blogs.perl.org access.redhat.com blog.hackeriet.no cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org metacpan.org
HIGH

CVE-2020-16156: perl-CPAN: Bypass of verification of signatures in CHECKSUMS files

CPAN 2.28 allows Signature Verification Bypass.

Package Name: perl-base
Installed Version: 5.32.1-4+deb11u2
Fixed Version:

References: blogs.perl.org access.redhat.com blog.hackeriet.no cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org metacpan.org
HIGH

CVE-2020-16156: perl-CPAN: Bypass of verification of signatures in CHECKSUMS files

CPAN 2.28 allows Signature Verification Bypass.

Package Name: perl-modules-5.32
Installed Version: 5.32.1-4+deb11u2
Fixed Version:

References: blogs.perl.org access.redhat.com blog.hackeriet.no cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org metacpan.org
HIGH

CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Package Name: python3.9
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov python-security.readthedocs.io security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
HIGH

CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

Package Name: python3.9
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com
HIGH

CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Package Name: python3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov python-security.readthedocs.io security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
HIGH

CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

Package Name: python3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com
MEDIUM

CVE-2021-22947: curl: Server responses received before STARTTLS processed after TLS handshake

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com launchpad.net linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
MEDIUM

CVE-2022-27774: curl: credential leak on redirect

An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0. When following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers, allowing an attacker to extract those credentials.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
MEDIUM

CVE-2022-27776: curl: auth/cookie leak on redirect

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
MEDIUM

CVE-2022-32205: curl: Set-Cookie denial of service

A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies makes subsequent HTTP requests to this, or other servers to which the cookies match, become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes), so curl instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
MEDIUM

CVE-2022-32206: curl: HTTP compression denial of service

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
MEDIUM

CVE-2022-32208: curl: FTP-KRB bad message verification

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2020-36130: AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...

AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.

Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:

References: aomedia.googlesource.com bugs.chromium.org cve.mitre.org
MEDIUM

CVE-2020-36135: AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...

AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.

Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:

References: aomedia.googlesource.com bugs.chromium.org bugs.chromium.org cve.mitre.org
MEDIUM

CVE-2021-22947: curl: Server responses received before STARTTLS processed after TLS handshake

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses, and instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. This flaw allows a man-in-the-middle attacker to first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user, who thinks the attacker's injected data comes from the TLS-protected server.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com launchpad.net linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
MEDIUM

CVE-2022-27774: curl: credential leak on redirect

An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0. When curl follows HTTP(S) redirects while authentication is in use, it could leak credentials to other services that exist on different protocols or port numbers, allowing an attacker to extract them.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
MEDIUM

CVE-2022-27776: curl: auth/cookie leak on redirect

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
MEDIUM

CVE-2022-32205: curl: Set-Cookie denial of service

A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl, and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies makes subsequent HTTP requests to this server, or to other servers the cookies match, larger than the threshold curl uses internally to avoid sending excessively large requests (1048576 bytes), so curl returns an error instead. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also match `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second-level domain using this method.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
MEDIUM

CVE-2022-32206: curl: HTTP compression denial of service

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl consume enormous amounts of allocated heap memory, or attempt to and return out-of-memory errors.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
MEDIUM

CVE-2022-32208: curl: FTP-KRB bad message verification

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a man-in-the-middle attack to go unnoticed and even allows it to inject data into the client.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com
MEDIUM

CVE-2021-22947: curl: Server responses received before STARTTLS processed after TLS handshake

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses, and instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. This flaw allows a man-in-the-middle attacker to first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user, who thinks the attacker's injected data comes from the TLS-protected server.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com launchpad.net linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
MEDIUM

CVE-2022-27774: curl: credential leak on redirect

An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0. When curl follows HTTP(S) redirects while authentication is in use, it could leak credentials to other services that exist on different protocols or port numbers, allowing an attacker to extract them.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
MEDIUM

CVE-2022-27776: curl: auth/cookie leak on redirect

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
MEDIUM

CVE-2022-32205: curl: Set-Cookie denial of service

A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl, and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies makes subsequent HTTP requests to this server, or to other servers the cookies match, larger than the threshold curl uses internally to avoid sending excessively large requests (1048576 bytes), so curl returns an error instead. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also match `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second-level domain using this method.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
MEDIUM

CVE-2022-32206: curl: HTTP compression denial of service

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl consume enormous amounts of allocated heap memory, or attempt to and return out-of-memory errors.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
MEDIUM

CVE-2022-32208: curl: FTP-KRB bad message verification

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a man-in-the-middle attack to go unnoticed and even allows it to inject data into the client.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com
MEDIUM

CVE-2021-22947: curl: Server responses received before STARTTLS processed after TLS handshake

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses, and instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. This flaw allows a man-in-the-middle attacker to first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user, who thinks the attacker's injected data comes from the TLS-protected server.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com launchpad.net linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
MEDIUM

CVE-2022-27774: curl: credential leak on redirect

An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0. When curl follows HTTP(S) redirects while authentication is in use, it could leak credentials to other services that exist on different protocols or port numbers, allowing an attacker to extract them.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
MEDIUM

CVE-2022-27776: curl: auth/cookie leak on redirect

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com
MEDIUM

CVE-2022-32205: curl: Set-Cookie denial of service

A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl, and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies makes subsequent HTTP requests to this server, or to other servers the cookies match, larger than the threshold curl uses internally to avoid sending excessively large requests (1048576 bytes), so curl returns an error instead. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also match `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second-level domain using this method.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
MEDIUM

CVE-2022-32206: curl: HTTP compression denial of service

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl consume enormous amounts of allocated heap memory, or attempt to and return out-of-memory errors.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com
MEDIUM

CVE-2022-32208: curl: FTP-KRB bad message verification

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a man-in-the-middle attack to go unnoticed and even allows it to inject data into the client.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com
MEDIUM

CVE-2020-21594: libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...

libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2020-21595: libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...

libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2020-21596: libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...

libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2020-21597: libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...

libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2020-21599: libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2020-21600: libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: cwe.mitre.org github.com
MEDIUM

CVE-2020-21601: libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...

libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2020-21602: libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: cwe.mitre.org github.com
MEDIUM

CVE-2020-21603: libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...

libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2020-21604: libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...

libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2020-21605: libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...

libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2020-21606: libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...

libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2021-35452: An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2021-36408: An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...

An issue was discovered in libde265 v1.0.8. There is a heap-use-after-free in intrapred.h when decoding a file using dec265.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2021-36410: A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in the function put_epel_hv_fallback when running the program dec265.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2021-36411: An issue has been found in libde265 v1.0.8 due to incorrect access con ...

An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:

References: github.com
MEDIUM

CVE-2022-33068: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Package Name: libharfbuzz0b
Installed Version: 2.7.4-1
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com lists.fedoraproject.org
MEDIUM

CVE-2021-46822: libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

Package Name: libjpeg-dev
Installed Version: 1:2.0.6-4
Fixed Version:

References: access.redhat.com cve.mitre.org exchange.xforce.ibmcloud.com github.com nvd.nist.gov
MEDIUM

CVE-2021-46822: libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

Package Name: libjpeg62-turbo
Installed Version: 1:2.0.6-4
Fixed Version:

References: access.redhat.com cve.mitre.org exchange.xforce.ibmcloud.com github.com nvd.nist.gov
MEDIUM

CVE-2021-46822: libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

Package Name: libjpeg62-turbo-dev
Installed Version: 1:2.0.6-4
Fixed Version:

References: access.redhat.com cve.mitre.org exchange.xforce.ibmcloud.com github.com nvd.nist.gov
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, PostScript files could be read and written when specifically excluded by a `module` policy in `policy.xml`, e.g. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagickCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, PostScript files could be read and written when specifically excluded by a `module` policy in `policy.xml`, e.g. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagickCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, PostScript files could be read and written even when specifically excluded by a `module` policy in `policy.xml`, e.g. `<policy domain="module" rights="none" pattern="PS" />`. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy, which is also our recommended workaround: `<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />`.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagickCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, PostScript files could be read and written even when specifically excluded by a `module` policy in `policy.xml`, e.g. `<policy domain="module" rights="none" pattern="PS" />`. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy, which is also our recommended workaround: `<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />`.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagickCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, PostScript files could be read and written even when specifically excluded by a `module` policy in `policy.xml`, e.g. `<policy domain="module" rights="none" pattern="PS" />`. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy, which is also our recommended workaround: `<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />`.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagickCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, PostScript files could be read and written even when specifically excluded by a `module` policy in `policy.xml`, e.g. `<policy domain="module" rights="none" pattern="PS" />`. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy, which is also our recommended workaround: `<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />`.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagickCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, PostScript files could be read and written even when specifically excluded by a `module` policy in `policy.xml`, e.g. `<policy domain="module" rights="none" pattern="PS" />`. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy, which is also our recommended workaround: `<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />`.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagickCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, PostScript files could be read and written even when specifically excluded by a `module` policy in `policy.xml`, e.g. `<policy domain="module" rights="none" pattern="PS" />`. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy, which is also our recommended workaround: `<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />`.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagickCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, PostScript files could be read and written even when specifically excluded by a `module` policy in `policy.xml`, e.g. `<policy domain="module" rights="none" pattern="PS" />`. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy, which is also our recommended workaround: `<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />`.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagickCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com
MEDIUM

CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org
MEDIUM

CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com
MEDIUM

CVE-2021-39212: ImageMagick: possible read or write in postscript files

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`, e.g. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy, which is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com
MEDIUM

CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
MEDIUM

CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

No description is available for this CVE.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2021-23215: OpenEXR: Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org lists.fedoraproject.org ubuntu.com ubuntu.com
MEDIUM

CVE-2021-26260: OpenEXR: Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.

Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org lists.fedoraproject.org ubuntu.com ubuntu.com
MEDIUM

CVE-2021-3598: OpenEXR: Heap buffer overflow in Imf_3_1::CharPtrIO::readChars

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com ubuntu.com ubuntu.com
MEDIUM

CVE-2021-3605: OpenEXR: Heap buffer overflow in the rleUncompress function

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com ubuntu.com ubuntu.com
MEDIUM

CVE-2021-3933: openexr: Integer-overflow in Imf_3_1::bytesPerDeepLineTable

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.

Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.fedoraproject.org ubuntu.com
MEDIUM

CVE-2021-3941: openexr: Divide-by-zero in Imf_3_1::RGBtoXYZ

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.fedoraproject.org ubuntu.com
MEDIUM

CVE-2021-45942: OpenEXR: heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugs.chromium.org cve.mitre.org github.com github.com github.com github.com github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org
MEDIUM

CVE-2021-23215: OpenEXR: Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org lists.fedoraproject.org ubuntu.com ubuntu.com
MEDIUM

CVE-2021-26260: OpenEXR: Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.

Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org lists.fedoraproject.org ubuntu.com ubuntu.com
MEDIUM

CVE-2021-3598: OpenEXR: Heap buffer overflow in Imf_3_1::CharPtrIO::readChars

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com ubuntu.com ubuntu.com
MEDIUM

CVE-2021-3605: OpenEXR: Heap buffer overflow in the rleUncompress function

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com ubuntu.com ubuntu.com
MEDIUM

CVE-2021-3933: openexr: Integer-overflow in Imf_3_1::bytesPerDeepLineTable

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.

Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.fedoraproject.org ubuntu.com
MEDIUM

CVE-2021-3941: openexr: Divide-by-zero in Imf_3_1::RGBtoXYZ

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.fedoraproject.org ubuntu.com
MEDIUM

CVE-2021-45942: OpenEXR: heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugs.chromium.org cve.mitre.org github.com github.com github.com github.com github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org
MEDIUM

CVE-2021-29338: openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org
MEDIUM

CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: access.redhat.com github.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org
MEDIUM

CVE-2021-29338: openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org
MEDIUM

CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: access.redhat.com github.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org
MEDIUM

CVE-2021-3426: python: Information disclosure via pydoc

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org python-security.readthedocs.io security.gentoo.org security.netapp.com ubuntu.com www.oracle.com www.oracle.com
MEDIUM

CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org docs.python.org docs.python.org docs.python.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
MEDIUM

CVE-2021-4189: python: ftplib should not use the host from the PASV response

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com linux.oracle.com linux.oracle.com ubuntu.com
MEDIUM

CVE-2021-3426: python: Information disclosure via pydoc

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org python-security.readthedocs.io security.gentoo.org security.netapp.com ubuntu.com www.oracle.com www.oracle.com
MEDIUM

CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org docs.python.org docs.python.org docs.python.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
MEDIUM

CVE-2021-4189: python: ftplib should not use the host from the PASV response

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com linux.oracle.com linux.oracle.com ubuntu.com
MEDIUM

CVE-2021-45346: sqlite: crafted SQL query allows a malicious user to obtain sensitive information

A memory leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL queries (made via editing the database file). It is possible to query a record and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information.

Package Name: libsqlite3-0
Installed Version: 3.34.1-3
Fixed Version:

References: access.redhat.com github.com security.netapp.com sqlite.org
MEDIUM

CVE-2021-45346: sqlite: crafted SQL query allows a malicious user to obtain sensitive information

A memory leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL queries (made via editing the database file). It is possible to query a record and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information.

Package Name: libsqlite3-dev
Installed Version: 3.34.1-3
Fixed Version:

References: access.redhat.com github.com security.netapp.com sqlite.org
MEDIUM

CVE-2022-1354: libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c

A heap buffer overflow flaw was found in libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow and causing a crash that leads to a denial of service.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.com
MEDIUM

CVE-2022-1355: libtiff: stack-buffer-overflow in tiffcp.c in main()

A stack buffer overflow flaw was found in libtiff's tiffcp.c in the main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow, possibly corrupting memory, and causing a crash that leads to a denial of service.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2022-1622: libtiff: out-of-bounds read in LZWDecode

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com
MEDIUM

CVE-2022-1623: libtiff: out-of-bounds read in LZWDecode

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com
MEDIUM

CVE-2022-2056: LibTiff: DoS from Divide By Zero Error

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov
MEDIUM

CVE-2022-2057: LibTiff: DoS from Divide By Zero Error

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov
MEDIUM

CVE-2022-2058: LibTiff: DoS from Divide By Zero Error

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov
MEDIUM

CVE-2022-1354: libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c

A heap buffer overflow flaw was found in libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow and causing a crash that leads to a denial of service.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.com
MEDIUM

CVE-2022-1355: libtiff: stack-buffer-overflow in tiffcp.c in main()

A stack buffer overflow flaw was found in libtiff's tiffcp.c in the main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow, possibly corrupting memory, and causing a crash that leads to a denial of service.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2022-1622: libtiff: out-of-bounds read in LZWDecode

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com
MEDIUM

CVE-2022-1623: libtiff: out-of-bounds read in LZWDecode

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com
MEDIUM

CVE-2022-2056: LibTiff: DoS from Divide By Zero Error

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov
MEDIUM

CVE-2022-2057: LibTiff: DoS from Divide By Zero Error

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov
MEDIUM

CVE-2022-2058: LibTiff: DoS from Divide By Zero Error

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov
MEDIUM

CVE-2022-1354: libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c

A heap buffer overflow flaw was found in libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow and causing a crash that leads to a denial of service.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.com
MEDIUM

CVE-2022-1355: libtiff: stack-buffer-overflow in tiffcp.c in main()

A stack buffer overflow flaw was found in libtiff's tiffcp.c in the main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow, possibly corrupting memory, and causing a crash that leads to a denial of service.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com
MEDIUM

CVE-2022-1622: libtiff: out-of-bounds read in LZWDecode

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com
MEDIUM

CVE-2022-1623: libtiff: out-of-bounds read in LZWDecode

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com
MEDIUM

CVE-2022-2056: LibTiff: DoS from Divide By Zero Error

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov
MEDIUM

CVE-2022-2057: LibTiff: DoS from Divide By Zero Error

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov
MEDIUM

CVE-2022-2058: LibTiff: DoS from Divide By Zero Error

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov
MEDIUM

CVE-2019-15213: kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c

An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lists.opensuse.org www.openwall.com access.redhat.com cdn.kernel.org cve.mitre.org git.kernel.org linux.oracle.com linux.oracle.com lore.kernel.org security.netapp.com syzkaller.appspot.com
MEDIUM

CVE-2019-15794: kernel: Overlayfs in the Linux kernel and shiftfs not restoring original value on error leading to a refcount underflow

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org git.launchpad.net git.launchpad.net ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
MEDIUM

CVE-2019-16089: kernel: Improper return check in nbd_genl_status function in drivers/block/nbd.c

An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lore.kernel.org lore.kernel.org lore.kernel.org security.netapp.com support.f5.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com
MEDIUM

CVE-2019-20794: kernel: task processes not being properly ended could lead to resource exhaustion

An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com access.redhat.com github.com nvd.nist.gov security.netapp.com sourceforge.net
MEDIUM

CVE-2020-12363: kernel: Improper input validation in some Intel(R) Graphics Drivers

Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com www.intel.com
MEDIUM

CVE-2020-12364: kernel: Null pointer dereference in some Intel(R) Graphics Drivers

Null pointer dereference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com www.intel.com
MEDIUM

CVE-2020-14304: kernel: ethtool when reading eeprom of device could lead to memory leak

A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugs.debian.org bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lore.kernel.org
MEDIUM

CVE-2020-15802: hardware: BLURtooth: "Dual mode" hardware using CTKD are vulnerable to key overwrite

Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com arxiv.org gizmodo.com hexhive.epfl.ch securityaffairs.co www.bluetooth.com www.kb.cert.org www.kb.cert.org
MEDIUM

CVE-2020-24504: kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers

Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com www.intel.com
MEDIUM

CVE-2020-26555: kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org kb.cert.org lists.fedoraproject.org ubuntu.com www.bluetooth.com www.bluetooth.com www.intel.com
MEDIUM

CVE-2020-36516: kernel: an off-path attacker may inject data or terminate a victim's TCP session

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com dl.acm.org linux.oracle.com linux.oracle.com security.netapp.com www.spinics.net
MEDIUM

CVE-2021-33061: kernel: insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may lead to DoS

Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org security.netapp.com www.intel.com
MEDIUM

CVE-2021-3669: kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lore.kernel.org
MEDIUM

CVE-2021-3714: kernel: Remote Page Deduplication Attacks

A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com arxiv.org arxiv.org
MEDIUM

CVE-2021-3759: kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lore.kernel.org ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
MEDIUM

CVE-2021-4023: kernel: Improper IO-uring request cancellation operation allows local users to cause a crash

A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com nvd.nist.gov
MEDIUM

CVE-2021-4037: kernel: security regression for CVE-2018-13405

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files on the XFS file-system with an unintended group ownership and with the group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for XFS.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org errata.almalinux.org git.kernel.org git.kernel.org linux.oracle.com linux.oracle.com
MEDIUM
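The SGID-directory rule that CVE-2021-4037 restores for XFS is easiest to see as a pure function. The following is an added example, not kernel code: it models the generic inode_init_owner() decision (which group a new inode gets, and whether a group-executable SGID bit survives) next to the pre-fix XFS behaviour that simply inherited both. The group-membership and capability inputs are plain parameters, an assumption made so the logic can run without a kernel.

```python
import stat


def in_group(gid, creator_fsgid, creator_groups):
    """Stand-in for the kernel's in_group_p(): is the creator a member of gid?"""
    return gid == creator_fsgid or gid in creator_groups


def inode_init_owner(dir_mode, dir_gid, requested_mode, creator_fsgid,
                     creator_groups, has_cap_fsetid=False):
    """Return (gid, mode) for a new inode, modelled on fs/inode.c:inode_init_owner().

    requested_mode carries the file-type bits (stat.S_IFREG / stat.S_IFDIR)
    as well as the permission bits, exactly as the VFS sees them.
    """
    mode = requested_mode
    if dir_mode & stat.S_ISGID:
        # SGID directory: the new inode inherits the directory's group.
        gid = dir_gid
        if stat.S_ISDIR(mode):
            # Sub-directories always inherit the SGID bit itself.
            mode |= stat.S_ISGID
        elif ((mode & (stat.S_ISGID | stat.S_IXGRP)) == (stat.S_ISGID | stat.S_IXGRP)
              and not in_group(gid, creator_fsgid, creator_groups)
              and not has_cap_fsetid):
            # A group-executable SGID file owned by a group the creator does not
            # belong to would hand that group's privileges to whoever created it,
            # so the SGID bit is stripped unless the creator holds CAP_FSETID.
            mode &= ~stat.S_ISGID
    else:
        # Non-SGID directory: the creator's fsgid applies, mode is untouched.
        gid = creator_fsgid
    return gid, mode


def xfs_before_fix(dir_mode, dir_gid, requested_mode, creator_fsgid):
    """Pre-fix XFS behaviour (the bug): inherit the group and keep the mode as is."""
    gid = dir_gid if dir_mode & stat.S_ISGID else creator_fsgid
    return gid, requested_mode


if __name__ == "__main__":
    # Constructed scenario: SGID directory owned by group 1000, writable by a
    # user whose fsgid is 1001 and who is not a member of group 1000.
    sgid_dir = stat.S_IFDIR | 0o2775
    wanted = stat.S_IFREG | 0o2775  # creator asks for a group-exec SGID file
    print("generic VFS :", "%o" % inode_init_owner(sgid_dir, 1000, wanted, 1001, {1001})[1])
    print("xfs pre-fix :", "%o" % xfs_before_fix(sgid_dir, 1000, wanted, 1001)[1])
```

The difference between the two last lines is the whole vulnerability: on unpatched XFS the creator ends up with a file that is group-owned by a group they are not in and that executes with that group's identity.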

CVE-2021-4149: kernel: Improper lock operation in btrfs

A vulnerability was found in btrfs_alloc_tree_block in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a local user may cause a denial of service (DoS) due to a deadlock.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org git.kernel.org linux.oracle.com linux.oracle.com lists.debian.org lkml.org lkml.org nvd.nist.gov ubuntu.com
MEDIUM

CVE-2021-44879: kernel: NULL pointer dereference in folio_mark_dirty() via a crafted f2fs image

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.kernel.org cdn.kernel.org cve.mitre.org git.kernel.org lkml.org lore.kernel.org nvd.nist.gov ubuntu.com ubuntu.com www.openwall.com
MEDIUM

CVE-2022-0171: kernel: KVM: cache incoherence issue in SEV API may lead to kernel crash

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance on an AMD CPU that supports Secure Encrypted Virtualization (SEV).

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org git.kernel.org
MEDIUM

CVE-2022-0400: kernel: Out of bounds read in the smc protocol stack

No description is available for this CVE.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org
MEDIUM

CVE-2022-0480: kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion

A flaw was found in the filelock_init function in fs/locks.c in the Linux kernel. This issue can lead to host memory exhaustion because memcg does not limit the number of Portable Operating System Interface (POSIX) file locks.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org git.kernel.org github.com lore.kernel.org
MEDIUM

CVE-2022-1280: kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race condition. This flaw allows a local attacker with user privileges to cause a denial of service (DoS) or a kernel information leak.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com www.openwall.com
MEDIUM

CVE-2022-1462: kernel: possible race condition in drivers/tty/tty_buffers.c

An out-of-bounds read flaw was found in the Linux kernel's TTY (teletype) subsystem. The issue occurs in how a user triggers a race condition using the ioctls TIOCSPTLCK, TIOCGPTPEER, TIOCSTI and TCXONC, with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized data from kernel memory.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com seclists.org
MEDIUM

CVE-2022-2318: Kernel: Use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c

There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of the Linux kernel that allow attackers to crash the kernel without any privileges.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com github.com nvd.nist.gov
MEDIUM

CVE-2022-23816: CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com linux.oracle.com linux.oracle.com www.amd.com
MEDIUM

CVE-2022-23825: hw: cpu: AMD: Branch Type Confusion (non-retbleed)

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org www.amd.com www.debian.org
MEDIUM

CVE-2022-29900: CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions

AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com xenbits.xen.org access.redhat.com comsec.ethz.ch lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org www.amd.com www.debian.org
MEDIUM

CVE-2022-29901: hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com comsec.ethz.ch linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org www.amd.com www.intel.com
MEDIUM

CVE-2022-33744: Arm guests can cause Dom0 DoS via PV devices

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com xenbits.xen.org nvd.nist.gov xenbits.xenproject.org
MEDIUM

CVE-2021-3426: python: Information disclosure via pydoc

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Package Name: python3.9
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org python-security.readthedocs.io security.gentoo.org security.netapp.com ubuntu.com www.oracle.com www.oracle.com
MEDIUM

CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Package Name: python3.9
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org docs.python.org docs.python.org docs.python.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
MEDIUM

CVE-2021-4189: python: ftplib should not use the host from the PASV response

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Package Name: python3.9
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com linux.oracle.com linux.oracle.com ubuntu.com
MEDIUM

CVE-2021-3426: python: Information disclosure via pydoc

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Package Name: python3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org python-security.readthedocs.io security.gentoo.org security.netapp.com ubuntu.com www.oracle.com www.oracle.com
MEDIUM

CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Package Name: python3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org docs.python.org docs.python.org docs.python.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
MEDIUM

CVE-2021-4189: python: ftplib should not use the host from the PASV response

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Package Name: python3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com linux.oracle.com linux.oracle.com ubuntu.com
MEDIUM
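CVE-2021-4189 (listed above for both python3.9 and python3.9-minimal) comes down to one decision: whether the client honours the host advertised in the server's 227 reply or keeps the address it already has from the control connection. The block below is an added example, not code from CPython or Debian: it parses PASV (227) and EPSV (229) replies the way ftplib does and applies the post-fix default of ignoring the server-supplied IPv4 address unless the caller opts in. The sample replies and the control-peer address are constructed, and `ftplib_has_pasv_fix()` is a hypothetical helper that checks for the attribute the upstream fix introduced.

```python
import re
import ftplib

# Constructed control-channel replies (not captured from a real server).
PASV_REPLY = "227 Entering Passive Mode (10,0,0,5,195,80)"
EPSV_REPLY = "229 Entering Extended Passive Mode (|||50000|)"

_PASV_RE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_pasv_227(reply):
    """Extract (host, port) from a PASV reply; the host is server-controlled."""
    if not reply.startswith("227"):
        raise ftplib.error_reply(reply)
    m = _PASV_RE.search(reply)
    if m is None:
        raise ftplib.error_proto(reply)
    n = [int(x) for x in m.groups()]
    if any(x > 255 for x in n):
        raise ftplib.error_proto(reply)
    host = ".".join(str(x) for x in n[:4])
    port = (n[4] << 8) + n[5]
    return host, port


def parse_epsv_229(reply):
    """Extract the port from an EPSV reply (RFC 2428: "229 ... (|||port|)")."""
    if not reply.startswith("229"):
        raise ftplib.error_reply(reply)
    left = reply.find("(")
    right = reply.find(")", left + 1)
    if left < 0 or right < 0:
        raise ftplib.error_proto(reply)
    delim = reply[left + 1]
    parts = reply[left + 1:right].split(delim)
    if len(parts) != 5:
        raise ftplib.error_proto(reply)
    port = int(parts[3])
    if not 0 < port < 65536:
        raise ftplib.error_proto(reply)
    return port


def data_endpoint(reply, control_peer_host, trust_server_host=False):
    """Choose the data-connection endpoint.

    Mirrors the fixed ftplib default: for EPSV only the port comes from the
    server; for PASV the advertised host is replaced by the control
    connection's peer unless trust_server_host is set (needed only for odd
    NAT or proxy setups where the server really does live elsewhere).
    """
    if reply.startswith("229"):
        return control_peer_host, parse_epsv_229(reply)
    host, port = parse_pasv_227(reply)
    if not trust_server_host and host != control_peer_host:
        host = control_peer_host
    return host, port


def ftplib_has_pasv_fix():
    """True when the installed ftplib carries the CVE-2021-4189 fix
    (it added the FTP.trust_server_pasv_ipv4_address attribute)."""
    return hasattr(ftplib.FTP, "trust_server_pasv_ipv4_address")


if __name__ == "__main__":
    peer = "203.0.113.7"  # constructed address of the FTP server we dialled
    print("default   :", data_endpoint(PASV_REPLY, peer))
    print("trusting  :", data_endpoint(PASV_REPLY, peer, trust_server_host=True))
    print("epsv      :", data_endpoint(EPSV_REPLY, peer))
    print("fixed lib :", ftplib_has_pasv_fix())
```

With the default, a malicious server that answers PASV with 10.0.0.5 cannot make the client open a connection into the client's own network; the port it names is still used, but against the host the client already chose to talk to. On a patched interpreter the same opt-in is `ftp.trust_server_pasv_ipv4_address = True` on an ftplib.FTP instance.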

CVE-2022-0529: unzip: Heap out-of-bound writes and reads during conversion of wide string to local string

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Package Name: unzip
Installed Version: 6.0-26
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com nvd.nist.gov
MEDIUM

CVE-2022-0530: unzip: SIGSEGV during the conversion of an utf-8 string to a local string

A flaw was found in Unzip. A SIGSEGV (invalid memory access) occurs during the conversion of a UTF-8 string to a local string. This flaw allows an attacker who supplies a specially crafted zip file to crash the unzip process, a denial of service.

Package Name: unzip
Installed Version: 6.0-26
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com bugzilla.redhat.com cve.mitre.org github.com nvd.nist.gov support.apple.com support.apple.com support.apple.com
MEDIUM

CVE-2021-31879: wget: authorization header disclosure on redirect

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Package Name: wget
Installed Version: 1.21-1+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org mail.gnu.org nvd.nist.gov savannah.gnu.org security.netapp.com
LOW
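The wget issue above (and the earlier curl one it references, CVE-2018-1000007) is a same-origin decision made at each redirect. The following is an added example, not wget's code: a minimal origin comparison (scheme, host, port with scheme defaults) and a redirect-following loop that drops the Authorization header as soon as the chain leaves the origin the credentials were meant for. The redirect table is constructed so the logic runs without a network.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

# Constructed redirect chain: url -> (status, Location). The last hop lands on
# a different host and a different scheme than the one the token was sent to.
CHAIN = {
    "https://api.example/v1/data": (302, "https://api.example/v2/data"),
    "https://api.example/v2/data": (302, "http://cdn.example.net/data"),
    "http://cdn.example.net/data": (200, None),
}


def origin(url):
    """(scheme, host, port) with the scheme's default port filled in."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    port = p.port if p.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def headers_for_redirect(headers, from_url, to_url):
    """Headers to send to to_url. Authorization only survives a same-origin hop."""
    out = dict(headers)
    if origin(from_url) != origin(to_url):
        for name in list(out):
            if name.lower() == "authorization":
                del out[name]
    return out


def simulate(start_url, headers, table=CHAIN, max_redirects=20):
    """Walk the redirect table; return [(url, headers_sent), ...] per hop."""
    url, hdrs, trace = start_url, dict(headers), []
    for _ in range(max_redirects + 1):
        trace.append((url, dict(hdrs)))
        status, location = table[url]
        if status not in (301, 302, 303, 307, 308) or location is None:
            return trace
        hdrs = headers_for_redirect(hdrs, url, location)
        url = location
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    creds = {"Authorization": "Bearer constructed-token", "Accept": "*/*"}
    for hop_url, sent in simulate("https://api.example/v1/data", creds):
        print(hop_url, "->", sorted(sent))
```

The vulnerable behaviour is the loop without the `headers_for_redirect` step: the bearer token would reach cdn.example.net over plain HTTP. The same check is worth applying to any other credential-bearing header a client adds itself.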

CVE-2011-3374: apt-key in apt does not correctly validate gpg keys with the master keyring

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

Package Name: apt
Installed Version: 2.2.4
Fixed Version:

References: access.redhat.com bugs.debian.org people.canonical.com seclists.org security-tracker.debian.org snyk.io ubuntu.com
LOW

CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org sourceware.org
LOW

CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20623: binutils: Use-after-free in the error function

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20673: libiberty: Integer overflow in demangle_template() function

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org
LOW

CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com
LOW

CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crash

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org
LOW

CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com
LOW

CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org
LOW

CVE-2021-20197: binutils: Race window allows users to own arbitrary files

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into giving them ownership of arbitrary files through a symlink.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org
LOW

CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org
LOW

CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com
LOW

CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.c

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org
LOW

CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
LOW

CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com
LOW

CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.c

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

Package Name: binutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com gcc.gnu.org
LOW

CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org sourceware.org
LOW

CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20623: binutils: Use-after-free in the error function

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20673: libiberty: Integer overflow in demangle_template() function

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org
LOW

CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com
LOW

CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crash

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org
LOW

CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service

GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com
LOW

CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org
LOW

CVE-2021-20197: binutils: Race window allows users to own arbitrary files

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org
LOW

CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org
LOW

CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com
LOW

CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.c

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org
LOW

CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
LOW

CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com
LOW

CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.c

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

Package Name: binutils-common
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com gcc.gnu.org
LOW

CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org sourceware.org
LOW

CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20623: binutils: Use-after-free in the error function

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20673: libiberty: Integer overflow in demangle_template() function

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org
LOW

CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com
LOW

CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crash

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org
LOW

CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service

GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com
LOW

CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org
LOW

CVE-2021-20197: binutils: Race window allows users to own arbitrary files

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org
LOW

CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org
LOW

CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com
LOW

CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.c

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org
LOW

CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
LOW

CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com
LOW

CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.c

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

Package Name: binutils-x86-64-linux-gnu
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com gcc.gnu.org
LOW

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Package Name: bsdutils
Installed Version: 2.36.1-8+deb11u1
Fixed Version:

References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
LOW

CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Package Name: coreutils
Installed Version: 8.32-4
Fixed Version:

References: seclists.org www.openwall.com www.openwall.com access.redhat.com cve.mitre.org lists.apache.org lore.kernel.org nvd.nist.gov
LOW

CVE-2017-18018: coreutils: race condition vulnerability in chown and chgrp

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

Package Name: coreutils
Installed Version: 8.32-4
Fixed Version:

References: lists.gnu.org access.redhat.com
LOW

CVE-2021-22898: curl: TELNET stack contents disclosure

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: www.openwall.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org errata.almalinux.org github.com hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
LOW

CVE-2021-22922: curl: Content not matching hash in Metalink is not being discarded

When curl is instructed to download content using the metalink feature, the contents are verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers, and the client can then download the file from one or several of them, in a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server are replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com
LOW

CVE-2021-22923: curl: Metalink download sends credentials

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com
LOW

CVE-2021-22924: curl: Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on the file systems used. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.

Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.debian.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com www.oracle.com
LOW

CVE-2018-1000021: git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands

GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in the client that can result in problems ranging from messing up terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).

Package Name: git
Installed Version: 1:2.30.2-1
Fixed Version:

References: www.batterystapl.es access.redhat.com cve.mitre.org
LOW

CVE-2022-24975: git: The --mirror option for git leaks secret for deleted content, aka the "GitBleed"

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option.

Package Name: git
Installed Version: 1:2.30.2-1
Fixed Version:

References: access.redhat.com github.com wwws.nightwatchcybersecurity.com
LOW

CVE-2018-1000021: git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands

GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in the client that can result in problems ranging from messing up terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).

Package Name: git-man
Installed Version: 1:2.30.2-1
Fixed Version:

References: www.batterystapl.es access.redhat.com cve.mitre.org
LOW

CVE-2022-24975: git: The --mirror option for git leaks secret for deleted content, aka the "GitBleed"

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option.

Package Name: git-man
Installed Version: 1:2.30.2-1
Fixed Version:

References: access.redhat.com github.com wwws.nightwatchcybersecurity.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2004-0971: security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Package Name: krb5-multidev
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org
LOW

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Package Name: krb5-multidev
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: access.redhat.com github.com lists.apache.org
LOW

CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ...

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

Package Name: libapt-pkg6.0
Installed Version: 2.2.4
Fixed Version:

References: access.redhat.com bugs.debian.org people.canonical.com seclists.org security-tracker.debian.org snyk.io ubuntu.com
LOW

CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org sourceware.org
LOW

CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20623: binutils: Use-after-free in the error function

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20673: libiberty: Integer overflow in demangle_template() function

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org
LOW

CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com
LOW

CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crash

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org
LOW

CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com
LOW

CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org
LOW

CVE-2021-20197: binutils: Race window allows users to own arbitrary files

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org
LOW

CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org
LOW

CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com
LOW

CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.c

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org
LOW

CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
LOW

CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com
LOW

CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.c

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com gcc.gnu.org
LOW

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Package Name: libblkid-dev
Installed Version: 2.36.1-8+deb11u1
Fixed Version:

References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
LOW

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Package Name: libblkid1
Installed Version: 2.36.1-8+deb11u1
Fixed Version:

References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
LOW

CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov
LOW

CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com
LOW

CVE-2019-1010022: glibc: stack guard protection bypass

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com security-tracker.debian.org sourceware.org sourceware.org ubuntu.com
LOW

CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com
LOW

CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."

Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com
LOW

CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov
LOW

CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com
LOW

CVE-2019-1010022: glibc: stack guard protection bypass

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com security-tracker.debian.org sourceware.org sourceware.org ubuntu.com
LOW

CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com
LOW

CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."

Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com
LOW

CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov
LOW

CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com
LOW

CVE-2019-1010022: glibc: stack guard protection bypass

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com security-tracker.debian.org sourceware.org sourceware.org ubuntu.com
LOW

CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com
LOW

CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."

Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com
LOW

CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov
LOW

CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com
LOW

CVE-2019-1010022: glibc: stack guard protection bypass

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com security-tracker.debian.org sourceware.org sourceware.org ubuntu.com
LOW

CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks the victim to run ldd on them. ldd executes code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com
LOW

CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."

Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:

References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com
LOW

CVE-2017-7475: cairo: NULL pointer dereference with a crafted font file

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

Package Name: libcairo-gobject2
Installed Version: 1.16.0-5
Fixed Version:

References: seclists.org access.redhat.com bugs.freedesktop.org bugzilla.redhat.com cve.mitre.org github.com lists.apache.org nvd.nist.gov
LOW

CVE-2018-18064: cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

Package Name: libcairo-gobject2
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.freedesktop.org lists.apache.org
LOW

CVE-2019-6461: cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

Package Name: libcairo-gobject2
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov
LOW

CVE-2019-6462: cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Package Name: libcairo-gobject2
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov ubuntu.com
LOW

CVE-2017-7475: cairo: NULL pointer dereference with a crafted font file

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

Package Name: libcairo-script-interpreter2
Installed Version: 1.16.0-5
Fixed Version:

References: seclists.org access.redhat.com bugs.freedesktop.org bugzilla.redhat.com cve.mitre.org github.com lists.apache.org nvd.nist.gov
LOW

CVE-2018-18064: cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

Package Name: libcairo-script-interpreter2
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.freedesktop.org lists.apache.org
LOW

CVE-2019-6461: cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

Package Name: libcairo-script-interpreter2
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov
LOW

CVE-2019-6462: cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Package Name: libcairo-script-interpreter2
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov ubuntu.com
LOW

CVE-2017-7475: cairo: NULL pointer dereference with a crafted font file

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

Package Name: libcairo2
Installed Version: 1.16.0-5
Fixed Version:

References: seclists.org access.redhat.com bugs.freedesktop.org bugzilla.redhat.com cve.mitre.org github.com lists.apache.org nvd.nist.gov
LOW

CVE-2018-18064: cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

Package Name: libcairo2
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.freedesktop.org lists.apache.org
LOW

CVE-2019-6461: cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

Package Name: libcairo2
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov
LOW

CVE-2019-6462: cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Package Name: libcairo2
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov ubuntu.com
LOW

CVE-2017-7475: cairo: NULL pointer dereference with a crafted font file

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

Package Name: libcairo2-dev
Installed Version: 1.16.0-5
Fixed Version:

References: seclists.org access.redhat.com bugs.freedesktop.org bugzilla.redhat.com cve.mitre.org github.com lists.apache.org nvd.nist.gov
LOW

CVE-2018-18064: cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

Package Name: libcairo2-dev
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.freedesktop.org lists.apache.org
LOW

CVE-2019-6461: cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

Package Name: libcairo2-dev
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov
LOW

CVE-2019-6462: cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Package Name: libcairo2-dev
Installed Version: 1.16.0-5
Fixed Version:

References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov ubuntu.com
LOW

CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org sourceware.org
LOW

CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20623: binutils: Use-after-free in the error function

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20673: libiberty: Integer overflow in demangle_template() function

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org
LOW

CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com
LOW

CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crash

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org
LOW

CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service

GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com
LOW

CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org
LOW

CVE-2021-20197: binutils: Race window allows users to own arbitrary files

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org
LOW

CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org
LOW

CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com
LOW

CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.c

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org
LOW

CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
LOW

CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com
LOW

CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.c

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

Package Name: libctf-nobfd0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com gcc.gnu.org
LOW

CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org sourceware.org
LOW

CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20623: binutils: Use-after-free in the error function

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com
LOW

CVE-2018-20673: libiberty: Integer overflow in demangle_template() function

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org
LOW

CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com
LOW

CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crash

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: www.securityfocus.com access.redhat.com gcc.gnu.org
LOW

CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service

GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com
LOW

CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org
LOW

CVE-2021-20197: binutils: Race window allows users to own arbitrary files

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org
LOW

CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org
LOW

CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com
LOW

CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.c

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org
LOW

CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org
LOW

CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com
LOW

CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.c

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

Package Name: libctf0
Installed Version: 2.35.2-2
Fixed Version:

References: access.redhat.com gcc.gnu.org
LOW

CVE-2021-22898: curl: TELNET stack contents disclosure

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: www.openwall.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org errata.almalinux.org github.com hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
LOW

CVE-2021-22922: curl: Content not matching hash in Metalink is not being discarded

When curl is instructed to download content using the metalink feature, the contents are verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers, and the client can then download the file from one or several of them, in a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server are replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com
LOW

CVE-2021-22923: curl: Metalink download sends credentials

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com
LOW

CVE-2021-22924: curl: Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on the file system used. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.

Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.debian.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com www.oracle.com
LOW

CVE-2021-22898: curl: TELNET stack contents disclosure

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: www.openwall.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org errata.almalinux.org github.com hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
LOW

CVE-2021-22922: curl: Content not matching hash in Metalink is not being discarded

When curl is instructed to download content using the metalink feature, the contents are verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers, and the client can then download the file from one or several of them, in a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server are replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com
LOW

CVE-2021-22923: curl: Metalink download sends credentials

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com
LOW

CVE-2021-22924: curl: Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on the file system used. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.

Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.debian.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com www.oracle.com
LOW

CVE-2021-22898: curl: TELNET stack contents disclosure

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: www.openwall.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org errata.almalinux.org github.com hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com
LOW

CVE-2021-22922: curl: Content not matching hash in Metalink is not being discarded

When curl is instructed to download content using the metalink feature, the contents are verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers, and the client can then download the file from one or several of them, in a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server are replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com
LOW

CVE-2021-22923: curl: Metalink download sends credentials

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com
LOW

CVE-2021-22924: curl: Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on the file system used. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.

Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:

References: access.redhat.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.debian.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com www.oracle.com
LOW

CVE-2013-0340: expat: internal entity expansion

expat 2.1.0 and earlier does not properly handle entity expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Package Name: libexpat1
Installed Version: 2.2.10-2+deb11u3
Fixed Version:

References: openwall.com seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org securitytracker.com www.openwall.com www.openwall.com www.osvdb.org www.securityfocus.com access.redhat.com lists.apache.org lists.apache.org nvd.nist.gov security.gentoo.org support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com
LOW

CVE-2013-0340: expat: internal entity expansion

expat 2.1.0 and earlier does not properly handle entity expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Package Name: libexpat1-dev
Installed Version: 2.2.10-2+deb11u3
Fixed Version:

References: openwall.com seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org securitytracker.com www.openwall.com www.openwall.com www.osvdb.org www.securityfocus.com access.redhat.com lists.apache.org lists.apache.org nvd.nist.gov security.gentoo.org support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com
LOW

CVE-2022-31782: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.

Package Name: libfreetype-dev
Installed Version: 2.10.4+dfsg-1+deb11u1
Fixed Version:

References: cve.mitre.org gitlab.freedesktop.org
LOW

CVE-2022-31782: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.

Package Name: libfreetype6
Installed Version: 2.10.4+dfsg-1+deb11u1
Fixed Version:

References: cve.mitre.org gitlab.freedesktop.org
LOW

CVE-2022-31782: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.

Package Name: libfreetype6-dev
Installed Version: 2.10.4+dfsg-1+deb11u1
Fixed Version:

References: cve.mitre.org gitlab.freedesktop.org
LOW

CVE-2018-6829: libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Package Name: libgcrypt20
Installed Version: 1.8.7-6
Fixed Version:

References: access.redhat.com github.com github.com lists.gnupg.org www.oracle.com
LOW

CVE-2012-0039: glib2: hash table collisions CPU usage DoS

** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

Package Name: libglib2.0-0
Installed Version: 2.66.8-1
Fixed Version:

References: bugs.debian.org mail.gnome.org openwall.com access.redhat.com bugzilla.redhat.com
LOW

CVE-2012-0039: glib2: hash table collisions CPU usage DoS

** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

Package Name: libglib2.0-bin
Installed Version: 2.66.8-1
Fixed Version:

References: bugs.debian.org mail.gnome.org openwall.com access.redhat.com bugzilla.redhat.com
LOW

CVE-2012-0039: glib2: hash table collisions CPU usage DoS

** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

Package Name: libglib2.0-data
Installed Version: 2.66.8-1
Fixed Version:

References: bugs.debian.org mail.gnome.org openwall.com access.redhat.com bugzilla.redhat.com
LOW

CVE-2012-0039: glib2: hash table collisions CPU usage DoS

** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

Package Name: libglib2.0-dev
Installed Version: 2.66.8-1
Fixed Version:

References: bugs.debian.org mail.gnome.org openwall.com access.redhat.com bugzilla.redhat.com
LOW

CVE-2012-0039: glib2: hash table collisions CPU usage DoS

** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

Package Name: libglib2.0-dev-bin
Installed Version: 2.66.8-1
Fixed Version:

References: bugs.debian.org mail.gnome.org openwall.com access.redhat.com bugzilla.redhat.com
LOW

CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Package Name: libgnutls30
Installed Version: 3.7.1-5+deb11u1
Fixed Version:

References: arcticdog.wordpress.com blog.mozilla.com blogs.technet.com blogs.technet.com curl.haxx.se downloads.asterisk.org ekoparty.org eprint.iacr.org eprint.iacr.org googlechromereleases.blogspot.com isc.sans.edu lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org marc.info marc.info marc.info marc.info marc.info marc.info my.opera.com osvdb.org rhn.redhat.com rhn.redhat.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com technet.microsoft.com vnhacker.blogspot.com www.apcmedia.com www.debian.org www.educatedguesswork.org www.ibm.com www.imperialviolet.org www.insecure.cl www.kb.cert.org www.mandriva.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.oracle.com www.oracle.com www.oracle.com www.redhat.com www.redhat.com www.securityfocus.com www.securityfocus.com www.securitytracker.com www.securitytracker.com www.securitytracker.com www.securitytracker.com www.ubuntu.com www.us-cert.gov access.redhat.com blogs.oracle.com bugzilla.novell.com bugzilla.redhat.com cert-portal.siemens.com cve.mitre.org docs.microsoft.com h20564.www2.hp.com hermes.opensuse.org hermes.opensuse.org ics-cert.us-cert.gov linux.oracle.com linux.oracle.com oval.cisecurity.org ubuntu.com
LOW

CVE-2004-0971: security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Package Name: libgssapi-krb5-2
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org
LOW

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Package Name: libgssapi-krb5-2
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: access.redhat.com github.com lists.apache.org
LOW

CVE-2004-0971: security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Package Name: libgssrpc4
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org
LOW

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Package Name: libgssrpc4
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: access.redhat.com github.com lists.apache.org
LOW

CVE-2017-9937: libtiff: memory malloc failure in tif_jbig.c could cause DOS.

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

Package Name: libjbig-dev
Installed Version: 2.1-3.1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org
LOW

CVE-2017-9937: libtiff: memory malloc failure in tif_jbig.c could cause DOS.

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

Package Name: libjbig0
Installed Version: 2.1-3.1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org
LOW

CVE-2004-0971: security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Package Name: libk5crypto3
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org
LOW

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Package Name: libk5crypto3
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: access.redhat.com github.com lists.apache.org
LOW

CVE-2004-0971: security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Package Name: libkadm5clnt-mit12
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org
LOW

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Package Name: libkadm5clnt-mit12
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: access.redhat.com github.com lists.apache.org
LOW

CVE-2004-0971: security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Package Name: libkadm5srv-mit12
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org
LOW

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Package Name: libkadm5srv-mit12
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: access.redhat.com github.com lists.apache.org
LOW

CVE-2004-0971: security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Package Name: libkdb5-10
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org
LOW

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Package Name: libkdb5-10
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: access.redhat.com github.com lists.apache.org
LOW

CVE-2004-0971: security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Package Name: libkrb5-3
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org
LOW

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Package Name: libkrb5-3
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: access.redhat.com github.com lists.apache.org
LOW

CVE-2004-0971: security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Package Name: libkrb5-dev
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org
LOW

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Package Name: libkrb5-dev
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: access.redhat.com github.com lists.apache.org
LOW

CVE-2004-0971: security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Package Name: libkrb5support0
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org
LOW

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Package Name: libkrb5support0
Installed Version: 1.18.3-6+deb11u1
Fixed Version:

References: access.redhat.com github.com lists.apache.org
LOW

CVE-2015-3276: openldap: incorrect multi-keyword mode cipherstring parsing

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

Package Name: libldap-2.4-2
Installed Version: 2.4.57+dfsg-3+deb11u1
Fixed Version:

References: rhn.redhat.com www.oracle.com www.securitytracker.com access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov
LOW

CVE-2017-14159: openldap: Privilege escalation via PID file manipulation

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.

Package Name: libldap-2.4-2
Installed Version: 2.4.57+dfsg-3+deb11u1
Fixed Version:

References: www.openldap.org access.redhat.com www.oracle.com
LOW

CVE-2017-17740: openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

Package Name: libldap-2.4-2
Installed Version: 2.4.57+dfsg-3+deb11u1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.openldap.org access.redhat.com kc.mcafee.com www.oracle.com
LOW

CVE-2020-15719: openldap: Certificate validation incorrectly matches name against CN-ID

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.

Package Name: libldap-2.4-2
Installed Version: 2.4.57+dfsg-3+deb11u1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com bugs.openldap.org bugzilla.redhat.com kc.mcafee.com www.oracle.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: seclists.org www.redteam-pentesting.de
LOW

CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com
LOW

CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com
LOW

CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com github.com
LOW

CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com
LOW

CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com
LOW

CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Package Name: libmount-dev
Installed Version: 2.36.1-8+deb11u1
Fixed Version:

References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
LOW

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Package Name: libmount1
Installed Version: 2.36.1-8+deb11u1
Fixed Version:

References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
LOW

CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Package Name: libncurses-dev
Installed Version: 6.2+20201114-2
Fixed Version:

References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
LOW

CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Package Name: libncurses5-dev
Installed Version: 6.2+20201114-2
Fixed Version:

References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
LOW

CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Package Name: libncurses6
Installed Version: 6.2+20201114-2
Fixed Version:

References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
LOW

CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Package Name: libncursesw5-dev
Installed Version: 6.2+20201114-2
Fixed Version:

References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
LOW

CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Package Name: libncursesw6
Installed Version: 6.2+20201114-2
Fixed Version:

References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
LOW

CVE-2017-14988: OpenEXR: Excessive memory allocation in Header::readfrom

** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid.

Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:

References: lists.opensuse.org access.redhat.com github.com
LOW

CVE-2021-26945: OpenEXR: Integer-overflow in bool Imf_2_5::readDeepTile<Imf_2_5::DeepTiledInputPart>

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2017-14988: OpenEXR: Excessive memory allocation in Header::readfrom

** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid.

Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:

References: lists.opensuse.org access.redhat.com github.com
LOW

CVE-2021-26945: OpenEXR: Integer-overflow in bool Imf_2_5::readDeepTile<Imf_2_5::DeepTiledInputPart>

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2016-10505: openjpeg: NULL pointer dereference in imagetopnm function in convert.c

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: access.redhat.com github.com github.com github.com github.com security.gentoo.org
LOW

CVE-2016-10506: openjpeg: Division by zero in functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com github.com github.com github.com github.com github.com github.com security.gentoo.org
LOW

CVE-2016-9113: CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization (NULL). Impact is Denial of Service.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com security.gentoo.org
LOW

CVE-2016-9114: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization (NULL). Impact is Denial of Service.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com security.gentoo.org
LOW

CVE-2016-9115: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com security.gentoo.org
LOW

CVE-2016-9116: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues

NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com security.gentoo.org
LOW

CVE-2016-9117: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues

NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com security.gentoo.org
LOW

CVE-2016-9580: openjpeg2: Integer overflow in tiftoimage causes heap buffer overflow

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com github.com security.gentoo.org
LOW

CVE-2016-9581: openjpeg2: Infinite loop in tiftoimage resulting in heap buffer overflow in convert_32s_C1P1

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com github.com security.gentoo.org
LOW

CVE-2017-17479: openjpeg: Stack-buffer overflow in the pgxtoimage function

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com
LOW

CVE-2018-16375: openjpeg: Heap-based buffer overflow in pnmtoimage function in bin/jpwl/convert.c

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com
LOW

CVE-2018-16376: openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com
LOW

CVE-2018-20846: openjpeg: out-of-bounds read in functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c leads to denial of service

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com
LOW

CVE-2019-6988: openjpeg: DoS via memory exhaustion in opj_decompress

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com
LOW

CVE-2016-10505: openjpeg: NULL pointer dereference in imagetopnm function in convert.c

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: access.redhat.com github.com github.com github.com github.com security.gentoo.org
LOW

CVE-2016-10506: openjpeg: Division by zero in functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com github.com github.com github.com github.com github.com github.com security.gentoo.org
LOW

CVE-2016-9113: CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization (NULL). Impact is Denial of Service.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com security.gentoo.org
LOW

CVE-2016-9114: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization (NULL). Impact is Denial of Service.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com security.gentoo.org
LOW

CVE-2016-9115: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com security.gentoo.org
LOW

CVE-2016-9116: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues

NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com security.gentoo.org
LOW

CVE-2016-9117: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues

NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com security.gentoo.org
LOW

CVE-2016-9580: openjpeg2: Integer overflow in tiftoimage causes heap buffer overflow

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com github.com security.gentoo.org
LOW

CVE-2016-9581: openjpeg2: Infinite loop in tiftoimage resulting in heap buffer overflow in convert_32s_C1P1

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com github.com security.gentoo.org
LOW

CVE-2017-17479: openjpeg: Stack-buffer overflow in the pgxtoimage function

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: access.redhat.com cve.mitre.org github.com
LOW

CVE-2018-16375: openjpeg: Heap-based buffer overflow in pnmtoimage function in bin/jpwl/convert.c

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com
LOW

CVE-2018-16376: openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com
LOW

CVE-2018-20846: openjpeg: out-of-bounds read in functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c leads to denial of service

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com
LOW

CVE-2019-6988: openjpeg: DoS via memory exhaustion in opj_decompress

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com
LOW

CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Package Name: libpcre16-3
Installed Version: 2:8.39-13
Fixed Version:

References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org
LOW

CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

Package Name: libpcre16-3
Installed Version: 2:8.39-13
Fixed Version:

References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugs.exim.org
LOW

CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

Package Name: libpcre16-3
Installed Version: 2:8.39-13
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

Package Name: libpcre16-3
Installed Version: 2:8.39-13
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Package Name: libpcre16-3
Installed Version: 2:8.39-13
Fixed Version:

References: seclists.org seclists.org access.redhat.com bugs.gentoo.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.apache.org nvd.nist.gov support.apple.com support.apple.com ubuntu.com www.pcre.org
LOW

CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Package Name: libpcre3
Installed Version: 2:8.39-13
Fixed Version:

References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org
LOW

CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

Package Name: libpcre3
Installed Version: 2:8.39-13
Fixed Version:

References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugs.exim.org
LOW

CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

Package Name: libpcre3
Installed Version: 2:8.39-13
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

Package Name: libpcre3
Installed Version: 2:8.39-13
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Package Name: libpcre3
Installed Version: 2:8.39-13
Fixed Version:

References: seclists.org seclists.org access.redhat.com bugs.gentoo.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.apache.org nvd.nist.gov support.apple.com support.apple.com ubuntu.com www.pcre.org
LOW

CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Package Name: libpcre3-dev
Installed Version: 2:8.39-13
Fixed Version:

References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org
LOW

CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

Package Name: libpcre3-dev
Installed Version: 2:8.39-13
Fixed Version:

References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugs.exim.org
LOW

CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

Package Name: libpcre3-dev
Installed Version: 2:8.39-13
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

Package Name: libpcre3-dev
Installed Version: 2:8.39-13
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Package Name: libpcre3-dev
Installed Version: 2:8.39-13
Fixed Version:

References: seclists.org seclists.org access.redhat.com bugs.gentoo.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.apache.org nvd.nist.gov support.apple.com support.apple.com ubuntu.com www.pcre.org
LOW

CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Package Name: libpcre32-3
Installed Version: 2:8.39-13
Fixed Version:

References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org
LOW

CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

Package Name: libpcre32-3
Installed Version: 2:8.39-13
Fixed Version:

References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugs.exim.org
LOW

CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

Package Name: libpcre32-3
Installed Version: 2:8.39-13
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

Package Name: libpcre32-3
Installed Version: 2:8.39-13
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Package Name: libpcre32-3
Installed Version: 2:8.39-13
Fixed Version:

References: seclists.org seclists.org access.redhat.com bugs.gentoo.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.apache.org nvd.nist.gov support.apple.com support.apple.com ubuntu.com www.pcre.org
LOW

CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Package Name: libpcrecpp0v5
Installed Version: 2:8.39-13
Fixed Version:

References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org
LOW

CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

Package Name: libpcrecpp0v5
Installed Version: 2:8.39-13
Fixed Version:

References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugs.exim.org
LOW

CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

Package Name: libpcrecpp0v5
Installed Version: 2:8.39-13
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

Package Name: libpcrecpp0v5
Installed Version: 2:8.39-13
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Package Name: libpcrecpp0v5
Installed Version: 2:8.39-13
Fixed Version:

References: seclists.org seclists.org access.redhat.com bugs.gentoo.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.apache.org nvd.nist.gov support.apple.com support.apple.com ubuntu.com www.pcre.org
LOW

CVE-2011-4116: perl: File::Temp insecure temporary file handling

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

Package Name: libperl5.32
Installed Version: 5.32.1-4+deb11u2
Fixed Version:

References: www.openwall.com www.openwall.com access.redhat.com github.com rt.cpan.org seclists.org
LOW

CVE-2019-6129: libpng: memory leak of png_info struct in pngcp.c

** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

Package Name: libpng-dev
Installed Version: 1.6.37-3
Fixed Version:

References: access.redhat.com github.com www.oracle.com
LOW

CVE-2021-4214: libpng: hardcoded value leads to heap-overflow

A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

Package Name: libpng-dev
Installed Version: 1.6.37-3
Fixed Version:

References: access.redhat.com
LOW

CVE-2019-6129: libpng: memory leak of png_info struct in pngcp.c

** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

Package Name: libpng16-16
Installed Version: 1.6.37-3
Fixed Version:

References: access.redhat.com github.com www.oracle.com
LOW

CVE-2021-4214: libpng: hardcoded value leads to heap-overflow

A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

Package Name: libpng16-16
Installed Version: 1.6.37-3
Fixed Version:

References: access.redhat.com
LOW

CVE-2020-27619: python: Unsafe use of eval() on data retrieved via HTTP in the test suite

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com
LOW

CVE-2020-27619: python: Unsafe use of eval() on data retrieved via HTTP in the test suite

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com
LOW

CVE-2021-36084: libsepol: use-after-free in __cil_verify_classperms()

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).

Package Name: libsepol1
Installed Version: 3.1-1
Fixed Version:

References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com
LOW

CVE-2021-36085: libsepol: use-after-free in __cil_verify_classperms()

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).

Package Name: libsepol1
Installed Version: 3.1-1
Fixed Version:

References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com
LOW

CVE-2021-36086: libsepol: use-after-free in cil_reset_classpermission()

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).

Package Name: libsepol1
Installed Version: 3.1-1
Fixed Version:

References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com
LOW

CVE-2021-36087: libsepol: heap-based buffer overflow in ebitmap_match_any()

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.

Package Name: libsepol1
Installed Version: 3.1-1
Fixed Version:

References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lore.kernel.org ubuntu.com
LOW

CVE-2021-36084: libsepol: use-after-free in __cil_verify_classperms()

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).

Package Name: libsepol1-dev
Installed Version: 3.1-1
Fixed Version:

References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com
LOW

CVE-2021-36085: libsepol: use-after-free in __cil_verify_classperms()

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).

Package Name: libsepol1-dev
Installed Version: 3.1-1
Fixed Version:

References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com
LOW

CVE-2021-36086: libsepol: use-after-free in cil_reset_classpermission()

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).

Package Name: libsepol1-dev
Installed Version: 3.1-1
Fixed Version:

References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com
LOW

CVE-2021-36087: libsepol: heap-based buffer overflow in ebitmap_match_any()

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.

Package Name: libsepol1-dev
Installed Version: 3.1-1
Fixed Version:

References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lore.kernel.org ubuntu.com
LOW

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Package Name: libsmartcols1
Installed Version: 2.36.1-8+deb11u1
Fixed Version:

References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
LOW

CVE-2021-36690: ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...

** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

Package Name: libsqlite3-0
Installed Version: 3.34.1-3
Fixed Version:

References: cve.mitre.org nvd.nist.gov ubuntu.com www.oracle.com www.sqlite.org
LOW

CVE-2021-36690: ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...

** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

Package Name: libsqlite3-dev
Installed Version: 3.34.1-3
Fixed Version:

References: cve.mitre.org nvd.nist.gov ubuntu.com www.oracle.com www.sqlite.org
LOW

CVE-2007-6755: Dual_EC_DRBG: weak pseudo random number generator

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.

Package Name: libssl-dev
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:

References: arstechnica.com blog.cryptographyengineering.com blog.cryptographyengineering.com rump2007.cr.yp.to stream.wsj.com threatpost.com www.securityfocus.com access.redhat.com www.schneier.com
LOW

CVE-2010-0928: openssl: RSA authentication weakness

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

Package Name: libssl-dev
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:

References: rdist.root.org www.eecs.umich.edu www.networkworld.com www.osvdb.org www.theregister.co.uk access.redhat.com exchange.xforce.ibmcloud.com
LOW

CVE-2007-6755: Dual_EC_DRBG: weak pseudo random number generator

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.

Package Name: libssl1.1
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:

References: arstechnica.com blog.cryptographyengineering.com blog.cryptographyengineering.com rump2007.cr.yp.to stream.wsj.com threatpost.com www.securityfocus.com access.redhat.com www.schneier.com
LOW

CVE-2010-0928: openssl: RSA authentication weakness

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

Package Name: libssl1.1
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:

References: rdist.root.org www.eecs.umich.edu www.networkworld.com www.osvdb.org www.theregister.co.uk access.redhat.com exchange.xforce.ibmcloud.com
LOW

CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

Package Name: libsystemd0
Installed Version: 247.3-7
Fixed Version:

References: bugs.debian.org www.openwall.com access.redhat.com bugzilla.redhat.com
LOW

CVE-2020-13529: systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.

Package Name: libsystemd0
Installed Version: 247.3-7
Fixed Version:

References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org security.gentoo.org security.netapp.com talosintelligence.com ubuntu.com ubuntu.com
LOW

CVE-2014-8130: libtiff: divide by zero in the tiffdither tool

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org lists.apple.com lists.apple.com openwall.com rhn.redhat.com rhn.redhat.com support.apple.com support.apple.com www.conostix.com www.securityfocus.com www.securitytracker.com access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com security.gentoo.org ubuntu.com
LOW

CVE-2017-16232: libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c

** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org packetstormsecurity.com seclists.org seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com
LOW

CVE-2017-17973: libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc

** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com bugzilla.novell.com bugzilla.redhat.com
LOW

CVE-2017-5563: libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org security.gentoo.org ubuntu.com usn.ubuntu.com
LOW

CVE-2017-9117: libtiff: Heap-based buffer over-read in bmp2tiff

In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org ubuntu.com usn.ubuntu.com
LOW

CVE-2018-10126: libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c

LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org access.redhat.com cve.mitre.org lists.apache.org
LOW

CVE-2022-1056: Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: cve.mitre.org gitlab.com gitlab.com gitlab.com gitlab.com nvd.nist.gov
LOW

CVE-2022-1210: tiff: Malicious file leads to a denial of service in TIFF File Handler

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.

Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.com gitlab.com nvd.nist.gov security.netapp.com vuldb.com
LOW

CVE-2014-8130: libtiff: divide by zero in the tiffdither tool

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org lists.apple.com lists.apple.com openwall.com rhn.redhat.com rhn.redhat.com support.apple.com support.apple.com www.conostix.com www.securityfocus.com www.securitytracker.com access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com security.gentoo.org ubuntu.com
LOW

CVE-2017-16232: libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c

** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org packetstormsecurity.com seclists.org seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com
LOW

CVE-2017-17973: libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc

** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com bugzilla.novell.com bugzilla.redhat.com
LOW

CVE-2017-5563: libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org security.gentoo.org ubuntu.com usn.ubuntu.com
LOW

CVE-2017-9117: libtiff: Heap-based buffer over-read in bmp2tiff

In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org ubuntu.com usn.ubuntu.com
LOW

CVE-2018-10126: libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c

LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org access.redhat.com cve.mitre.org lists.apache.org
LOW

CVE-2022-1056: Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: cve.mitre.org gitlab.com gitlab.com gitlab.com gitlab.com nvd.nist.gov
LOW

CVE-2022-1210: tiff: Malicious file leads to a denial of service in TIFF File Handler

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.

Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.com gitlab.com nvd.nist.gov security.netapp.com vuldb.com
LOW

CVE-2014-8130: libtiff: divide by zero in the tiffdither tool

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org lists.apple.com lists.apple.com openwall.com rhn.redhat.com rhn.redhat.com support.apple.com support.apple.com www.conostix.com www.securityfocus.com www.securitytracker.com access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com security.gentoo.org ubuntu.com
LOW

CVE-2017-16232: libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c

** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org packetstormsecurity.com seclists.org seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com
LOW

CVE-2017-17973: libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc

** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com bugzilla.novell.com bugzilla.redhat.com
LOW

CVE-2017-5563: libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org security.gentoo.org ubuntu.com usn.ubuntu.com
LOW

CVE-2017-9117: libtiff: Heap-based buffer over-read in bmp2tiff

In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org ubuntu.com usn.ubuntu.com
LOW

CVE-2018-10126: libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c

LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: bugzilla.maptools.org access.redhat.com cve.mitre.org lists.apache.org
LOW

CVE-2022-1056: Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: cve.mitre.org gitlab.com gitlab.com gitlab.com gitlab.com nvd.nist.gov
LOW

CVE-2022-1210: tiff: Malicious file leads to a denial of service in TIFF File Handler

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.

Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:

References: access.redhat.com cve.mitre.org gitlab.com gitlab.com nvd.nist.gov security.netapp.com vuldb.com
LOW

CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Package Name: libtinfo6
Installed Version: 6.2+20201114-2
Fixed Version:

References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
LOW

CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

Package Name: libudev1
Installed Version: 247.3-7
Fixed Version:

References: bugs.debian.org www.openwall.com access.redhat.com bugzilla.redhat.com
LOW

CVE-2020-13529: systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.

Package Name: libudev1
Installed Version: 247.3-7
Fixed Version:

References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org security.gentoo.org security.netapp.com talosintelligence.com ubuntu.com ubuntu.com
LOW

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Package Name: libuuid1
Installed Version: 2.36.1-8+deb11u1
Fixed Version:

References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
LOW

CVE-2016-9085: libwebp: Several integer overflows

Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.

Package Name: libwebp-dev
Installed Version: 0.6.1-2.1
Fixed Version:

References: www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com chromium.googlesource.com lists.apache.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org
LOW

CVE-2016-9085: libwebp: Several integer overflows

Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.

Package Name: libwebp6
Installed Version: 0.6.1-2.1
Fixed Version:

References: www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com chromium.googlesource.com lists.apache.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org
LOW

CVE-2016-9085: libwebp: Several integer overflows

Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.

Package Name: libwebpdemux2
Installed Version: 0.6.1-2.1
Fixed Version:

References: www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com chromium.googlesource.com lists.apache.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org
LOW

CVE-2016-9085: libwebp: Several integer overflows

Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.

Package Name: libwebpmux3
Installed Version: 0.6.1-2.1
Fixed Version:

References: www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com chromium.googlesource.com lists.apache.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org
LOW

CVE-2007-3476: libgd Denial of service by corrupted GIF images

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

Package Name: libwmf-dev
Installed Version: 0.2.8.4-17
Fixed Version:

References: ftp.slackware.com bugs.libgd.org fedoranews.org lists.fedoraproject.org lists.fedoraproject.org osvdb.org secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org security.gentoo.org www.debian.org www.libgd.org www.mandriva.com www.mandriva.com www.novell.com www.redhat.com www.redhat.com www.securityfocus.com www.securityfocus.com www.trustix.org www.vupen.com access.redhat.com bugzilla.redhat.com issues.rpath.com linux.oracle.com linux.oracle.com oval.cisecurity.org
LOW

CVE-2007-3477: gd: arc drawing functions can consume large amount of CPU time

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.

Package Name: libwmf-dev
Installed Version: 0.2.8.4-17
Fixed Version:

References: ftp.slackware.com bugs.libgd.org bugs.libgd.org fedoranews.org lists.fedoraproject.org lists.fedoraproject.org osvdb.org secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org security.gentoo.org www.debian.org www.libgd.org www.mandriva.com www.mandriva.com www.novell.com www.redhat.com www.securityfocus.com www.securityfocus.com www.trustix.org www.vupen.com access.redhat.com bugzilla.redhat.com issues.rpath.com
LOW

CVE-2007-3996: php multiple integer overflows in gd

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

Package Name: libwmf-dev
Installed Version: 0.2.8.4-17
Fixed Version:

References: bugs.gentoo.org lists.opensuse.org rhn.redhat.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org securityreason.com secweb.se secweb.se support.avaya.com www.debian.org www.gentoo.org www.mandriva.com www.php.net www.php.net www.redhat.com www.redhat.com www.redhat.com www.trustix.org www.ubuntu.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com issues.rpath.com issues.rpath.com linux.oracle.com linux.oracle.com oval.cisecurity.org www.redhat.com
LOW

CVE-2009-3546: gd: insufficient input validation in _gdGetColors()

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Package Name: libwmf-dev
Installed Version: 0.2.8.4-17
Fixed Version:

References: marc.info secunia.com secunia.com secunia.com svn.php.net www.mandriva.com www.openwall.com www.redhat.com www.securityfocus.com www.vupen.com www.vupen.com access.redhat.com linux.oracle.com linux.oracle.com oval.cisecurity.org
LOW

CVE-2007-3476: libgd Denial of service by corrupted GIF images

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

Package Name: libwmf0.2-7
Installed Version: 0.2.8.4-17
Fixed Version:

References: ftp.slackware.com bugs.libgd.org fedoranews.org lists.fedoraproject.org lists.fedoraproject.org osvdb.org secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org security.gentoo.org www.debian.org www.libgd.org www.mandriva.com www.mandriva.com www.novell.com www.redhat.com www.redhat.com www.securityfocus.com www.securityfocus.com www.trustix.org www.vupen.com access.redhat.com bugzilla.redhat.com issues.rpath.com linux.oracle.com linux.oracle.com oval.cisecurity.org
LOW

CVE-2007-3477: gd: arc drawing functions can consume large amount of CPU time

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.

Package Name: libwmf0.2-7
Installed Version: 0.2.8.4-17
Fixed Version:

References: ftp.slackware.com bugs.libgd.org bugs.libgd.org fedoranews.org lists.fedoraproject.org lists.fedoraproject.org osvdb.org secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org security.gentoo.org www.debian.org www.libgd.org www.mandriva.com www.mandriva.com www.novell.com www.redhat.com www.securityfocus.com www.securityfocus.com www.trustix.org www.vupen.com access.redhat.com bugzilla.redhat.com issues.rpath.com
LOW

CVE-2007-3996: php multiple integer overflows in gd

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

Package Name: libwmf0.2-7
Installed Version: 0.2.8.4-17
Fixed Version:

References: bugs.gentoo.org lists.opensuse.org rhn.redhat.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org securityreason.com secweb.se secweb.se support.avaya.com www.debian.org www.gentoo.org www.mandriva.com www.php.net www.php.net www.redhat.com www.redhat.com www.redhat.com www.trustix.org www.ubuntu.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com issues.rpath.com issues.rpath.com linux.oracle.com linux.oracle.com oval.cisecurity.org www.redhat.com
LOW

CVE-2009-3546: gd: insufficient input validation in _gdGetColors()

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Package Name: libwmf0.2-7
Installed Version: 0.2.8.4-17
Fixed Version:

References: marc.info secunia.com secunia.com secunia.com svn.php.net www.mandriva.com www.openwall.com www.redhat.com www.securityfocus.com www.vupen.com www.vupen.com access.redhat.com linux.oracle.com linux.oracle.com oval.cisecurity.org
LOW

CVE-2015-9019: libxslt: math.random() in xslt uses unseeded randomness

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

Package Name: libxslt1-dev
Installed Version: 1.1.34-4
Fixed Version:

References: access.redhat.com bugzilla.gnome.org bugzilla.suse.com cve.mitre.org
LOW

CVE-2015-9019: libxslt: math.random() in xslt uses unseeded randomness

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

Package Name: libxslt1.1
Installed Version: 1.1.34-4
Fixed Version:

References: access.redhat.com bugzilla.gnome.org bugzilla.suse.com cve.mitre.org
LOW

CVE-2004-0230: TCP, when using a large Window Size, makes it easier for remote attack ...

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: ftp.netbsd.org ftp.sco.com ftp.sco.com ftp.sco.com patches.sgi.com kb.juniper.net marc.info marc.info secunia.com secunia.com secunia.com www.cisco.com www.kb.cert.org www.oracle.com www.osvdb.org www.securityfocus.com www.securityfocus.com www.uniras.gov.uk www.us-cert.gov www.vupen.com docs.microsoft.com docs.microsoft.com exchange.xforce.ibmcloud.com kc.mcafee.com oval.cisecurity.org oval.cisecurity.org oval.cisecurity.org oval.cisecurity.org oval.cisecurity.org
LOW

CVE-2005-3660: Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...

Linux kernel 2.4 and 2.6 allow attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: secunia.com securityreason.com securitytracker.com www.idefense.com www.securityfocus.com www.vupen.com exchange.xforce.ibmcloud.com
LOW

CVE-2007-3719: kernel: secretly Monopolizing the CPU Without Superuser Privileges

The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: osvdb.org www.cs.huji.ac.il access.redhat.com
LOW

CVE-2008-2544: kernel: mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rw

Mounting the /proc filesystem via the chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files they would otherwise never have been able to write.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com
LOW

CVE-2008-4609: kernel: TCP protocol vulnerabilities from Outpost24

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: blog.robertlee.name insecure.org lists.immunitysec.com marc.info searchsecurity.techtarget.com.au www.cisco.com www.cisco.com www.cpni.gov.uk www.mandriva.com www.oracle.com www.outpost24.com www.us-cert.gov access.redhat.com docs.microsoft.com nvd.nist.gov oval.cisecurity.org www.cert.fi
LOW

CVE-2010-4563: kernel: ipv6: sniffer detection

The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: seclists.org seclists.org access.redhat.com nvd.nist.gov
LOW

CVE-2010-5321: kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()

Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: linuxtv.org www.openwall.com access.redhat.com bugs.debian.org bugzilla.kernel.org bugzilla.redhat.com
LOW

CVE-2011-4915: fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: git.kernel.org git.kernel.org people.canonical.com www.openwall.com lkml.org seclists.org security-tracker.debian.org vigilance.fr
LOW

CVE-2011-4916: Linux kernel through 3.1 allows local users to obtain sensitive keystr ...

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lkml.org www.openwall.com
LOW

CVE-2011-4917: In the Linux kernel through 3.1 there is an information disclosure iss ...

In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lkml.org www.openwall.com
LOW

CVE-2012-4542: kernel: block: default SCSI command filter does not accommodate commands overlap across device classes

block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: marc.info marc.info rhn.redhat.com rhn.redhat.com rhn.redhat.com rhn.redhat.com access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com oss.oracle.com
LOW

CVE-2014-9892: The snd_compr_tstamp function in sound/core/compress_offload.c in the ...

The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: source.android.com www.securityfocus.com source.codeaurora.org
LOW

CVE-2014-9900: kernel: Info leak in uninitialized structure ethtool_wolinfo in ethtool_get_wol()

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: source.android.com www.securityfocus.com access.redhat.com cve.mitre.org source.codeaurora.org ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com
LOW

CVE-2015-2877: Kernel: Cross-VM ASL INtrospection (CAIN)

** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.antoniobarresi.com www.kb.cert.org www.securityfocus.com access.redhat.com bugzilla.redhat.com www.kb.cert.org www.kb.cert.org www.usenix.org
LOW

CVE-2016-10723: ** DISPUTED ** An issue was discovered in the Linux kernel through 4.1 ...

** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle."

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: cve.mitre.org lore.kernel.org lore.kernel.org patchwork.kernel.org patchwork.kernel.org www.spinics.net
LOW

CVE-2016-8660: kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation

The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com cve.mitre.org lore.kernel.org marc.info marc.info
LOW

CVE-2017-0630: kernel: Information disclosure vulnerability in kernel trace subsystem

An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.securityfocus.com access.redhat.com source.android.com source.android.com
LOW

CVE-2017-13693: kernel: ACPI operand cache leak in dsutils.c

The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org github.com patchwork.kernel.org
LOW

CVE-2017-13694: kernel: ACPI node and node_ext cache leak

The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.securityfocus.com access.redhat.com github.com patchwork.kernel.org
LOW

CVE-2018-1121: procps-ng, procps: process hiding through race condition enumerating /proc

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: seclists.org www.securityfocus.com access.redhat.com bugzilla.redhat.com cve.mitre.org www.exploit-db.com www.qualys.com
LOW

CVE-2018-12928: kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko

In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.securityfocus.com access.redhat.com bugs.launchpad.net cve.mitre.org groups.google.com lore.kernel.org marc.info
LOW

CVE-2018-17977: kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.securityfocus.com access.redhat.com bugzilla.suse.com cve.mitre.org www.openwall.com
LOW

CVE-2019-11191: kernel: race condition in load_aout_binary() allows local users to bypass ASLR on setuid a.out programs

** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lists.opensuse.org www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com cve.mitre.org ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com www.openwall.com www.openwall.com
LOW

CVE-2019-12378: kernel: unchecked kmalloc of new_ra in ip6_ra_control leads to denial of service

** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.securityfocus.com access.redhat.com git.kernel.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lkml.org
LOW

CVE-2019-12379: kernel: memory leak in con_insert_unipair in drivers/tty/vt/consolemap.c

** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.securityfocus.com access.redhat.com git.kernel.org git.kernel.org lists.fedoraproject.org lists.fedoraproject.org security.netapp.com
LOW

CVE-2019-12380: kernel: memory allocation failure in the efi subsystem leads to denial of service

** DISPUTED ** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org git.kernel.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2019-12381: kernel: unchecked kmalloc of new_ra in ip_ra_control leads to denial of service

** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: www.securityfocus.com access.redhat.com bugzilla.redhat.com git.kernel.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lkml.org
LOW

CVE-2019-12382: kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service

** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issue as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cgit.freedesktop.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lkml.org lore.kernel.org salsa.debian.org
LOW

CVE-2019-12455: kernel: null pointer dereference in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c causing denial of service

** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com git.kernel.org lists.fedoraproject.org security.netapp.com www.mail-archive.com
LOW

CVE-2019-12456: kernel: double fetch in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c

** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org lists.opensuse.org access.redhat.com bugzilla.redhat.com git.kernel.org lists.fedoraproject.org lists.fedoraproject.org lkml.org support.f5.com support.f5.com
LOW

CVE-2019-16229: kernel: null pointer dereference in drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c

** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issue as not being serious enough to deserve a CVE id.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.suse.com cve.mitre.org lkml.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2019-16230: kernel: null pointer dereference in drivers/gpu/drm/radeon/radeon_display.c

** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.suse.com cve.mitre.org lkml.org security.netapp.com
LOW

CVE-2019-16231: kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c

drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org git.kernel.org linux.oracle.com linux.oracle.com lkml.org lore.kernel.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2019-16232: kernel: null-pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c

drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lkml.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2019-16233: kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lkml.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2019-16234: kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c

drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lkml.org lore.kernel.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2019-19070: kernel: A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c allows for a DoS

** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.suse.com github.com lists.fedoraproject.org lists.fedoraproject.org
LOW

CVE-2020-11725: kernel: improper handling of private_size*count multiplication due to count=info->owner typo

** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org github.com lore.kernel.org nvd.nist.gov twitter.com
LOW

CVE-2020-35501: kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability

A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly fail to be correctly logged by the audit subsystem.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org listman.redhat.com nvd.nist.gov www.openwall.com
LOW

CVE-2021-26934: An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...

An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: xenbits.xen.org cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.openwall.com xenbits.xen.org
LOW

CVE-2021-32078: kernel: out-of-bounds read in arch/arm/mach-footbridge/personal-pci.c due to improper input validation

An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com cve.mitre.org git.kernel.org git.kernel.org github.com kirtikumarar.com nvd.nist.gov security.netapp.com
LOW

CVE-2022-25265: kernel: Executable Space Protection Bypass

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.

Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:

References: access.redhat.com github.com github.com nvd.nist.gov security.netapp.com
LOW

CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

Package Name: login
Installed Version: 1:4.8.1-1
Fixed Version:

References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com
LOW

CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Package Name: login
Installed Version: 1:4.8.1-1
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.redhat.com cve.mitre.org lists.apache.org security-tracker.debian.org
LOW

CVE-2019-19882: shadow-utils: local users can obtain root access because setuid programs are misconfigured

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).

Package Name: login
Installed Version: 1:4.8.1-1
Fixed Version:

References: access.redhat.com bugs.archlinux.org bugs.gentoo.org github.com github.com github.com security.gentoo.org
LOW

CVE-2008-1687: m4: unquoted output of maketemp and mkstemp

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.

Package Name: m4
Installed Version: 1.4.18-5
Fixed Version:

References: secunia.com secunia.com slackware.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com
LOW

CVE-2008-1688: m4: code execution via -F argument

Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.

Package Name: m4
Installed Version: 1.4.18-5
Fixed Version:

References: osvdb.org secunia.com secunia.com slackware.com www.openwall.com www.openwall.com www.securityfocus.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com
LOW

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Package Name: mount
Installed Version: 2.36.1-8+deb11u1
Fixed Version:

References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
LOW

CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Package Name: ncurses-base
Installed Version: 6.2+20201114-2
Fixed Version:

References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
LOW

CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Package Name: ncurses-bin
Installed Version: 6.2+20201114-2
Fixed Version:

References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com
LOW

CVE-2007-2243: OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:

References: lists.grok.org.uk lists.grok.org.uk securityreason.com www.osvdb.org www.securityfocus.com exchange.xforce.ibmcloud.com security.netapp.com
LOW

CVE-2007-2768: OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ...

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:

References: archives.neohapsis.com www.osvdb.org nvd.nist.gov security.netapp.com
LOW

CVE-2008-3234: sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ...

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:

References: www.securityfocus.com exchange.xforce.ibmcloud.com www.exploit-db.com
LOW

CVE-2016-20012: openssh: Public key information leak

** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.

Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:

References: access.redhat.com github.com github.com github.com github.com nvd.nist.gov rushter.com security.netapp.com utcc.utoronto.ca www.openwall.com
LOW

CVE-2018-15919: openssh: User enumeration via malformed packets in authentication requests

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:

References: seclists.org www.securityfocus.com access.redhat.com security.netapp.com
LOW

CVE-2019-6110: openssh: Acceptance and display of arbitrary stderr allows for spoofing of scp client output

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:

References: access.redhat.com cvsweb.openbsd.org cvsweb.openbsd.org security.gentoo.org security.netapp.com sintonen.fi www.exploit-db.com
LOW

CVE-2020-14145: openssh: Observable discrepancy leading to an information leak in the algorithm negotiation

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:

References: www.openwall.com access.redhat.com anongit.mindrot.org cve.mitre.org docs.ssh-mitm.at github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov security.gentoo.org security.netapp.com www.fzi.de www.fzi.de
LOW

CVE-2020-15778: openssh: scp allows command injection when using backtick characters in the destination argument

** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:

References: access.redhat.com access.redhat.com github.com github.com news.ycombinator.com nvd.nist.gov security.netapp.com www.openssh.com
LOW

CVE-2021-36368: openssh: possible bypass of fido 2 devices and ssh-askpass

** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed."

Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:

References: access.redhat.com bugzilla.mindrot.org docs.ssh-mitm.at github.com nvd.nist.gov security-tracker.debian.org www.openssh.com
LOW

CVE-2007-6755: Dual_EC_DRBG: weak pseudo random number generator

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.

Package Name: openssl
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:

References: arstechnica.com blog.cryptographyengineering.com blog.cryptographyengineering.com rump2007.cr.yp.to stream.wsj.com threatpost.com www.securityfocus.com access.redhat.com www.schneier.com
LOW

CVE-2010-0928: openssl: RSA authentication weakness

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

Package Name: openssl
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:

References: rdist.root.org www.eecs.umich.edu www.networkworld.com www.osvdb.org www.theregister.co.uk access.redhat.com exchange.xforce.ibmcloud.com
LOW

CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

Package Name: passwd
Installed Version: 1:4.8.1-1
Fixed Version:

References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com
LOW

CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Package Name: passwd
Installed Version: 1:4.8.1-1
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.redhat.com cve.mitre.org lists.apache.org security-tracker.debian.org
LOW

CVE-2019-19882: shadow-utils: local users can obtain root access because setuid programs are misconfigured

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).

Package Name: passwd
Installed Version: 1:4.8.1-1
Fixed Version:

References: access.redhat.com bugs.archlinux.org bugs.gentoo.org github.com github.com github.com security.gentoo.org
LOW

CVE-2010-4651: patch: directory traversal flaw allows for arbitrary file creation

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.

Package Name: patch
Installed Version: 2.7.6-7
Fixed Version:

References: git.savannah.gnu.org lists.apple.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org openwall.com openwall.com openwall.com openwall.com secunia.com secunia.com support.apple.com www.securityfocus.com www.vupen.com access.redhat.com bugzilla.redhat.com cve.mitre.org ubuntu.com
LOW

CVE-2018-6951: patch: NULL pointer dereference in pch.c:intuit_diff_type() causes a crash

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

Package Name: patch
Installed Version: 2.7.6-7
Fixed Version:

References: www.securityfocus.com access.redhat.com cve.mitre.org git.savannah.gnu.org nvd.nist.gov savannah.gnu.org security.gentoo.org ubuntu.com usn.ubuntu.com
LOW

CVE-2018-6952: patch: Double free of memory in pch.c:another_hunk() causes a crash

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

Package Name: patch
Installed Version: 2.7.6-7
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com nvd.nist.gov savannah.gnu.org security.gentoo.org
LOW

CVE-2021-45261: patch: Invalid Pointer via another_hunk function

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

Package Name: patch
Installed Version: 2.7.6-7
Fixed Version:

References: access.redhat.com cve.mitre.org savannah.gnu.org
LOW

CVE-2011-4116: perl: File::Temp insecure temporary file handling

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

Package Name: perl
Installed Version: 5.32.1-4+deb11u2
Fixed Version:

References: www.openwall.com www.openwall.com access.redhat.com github.com rt.cpan.org seclists.org
LOW

CVE-2011-4116: perl: File::Temp insecure temporary file handling

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

Package Name: perl-base
Installed Version: 5.32.1-4+deb11u2
Fixed Version:

References: www.openwall.com www.openwall.com access.redhat.com github.com rt.cpan.org seclists.org
LOW

CVE-2011-4116: perl: File::Temp insecure temporary file handling

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

Package Name: perl-modules-5.32
Installed Version: 5.32.1-4+deb11u2
Fixed Version:

References: www.openwall.com www.openwall.com access.redhat.com github.com rt.cpan.org seclists.org
LOW

CVE-2020-27619: python: Unsafe use of eval() on data retrieved via HTTP in the test suite

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Package Name: python3.9
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com
LOW

CVE-2020-27619: python: Unsafe use of eval() on data retrieved via HTTP in the test suite

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Package Name: python3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:

References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com
LOW

CVE-2005-2541: tar: does not properly warn the user when extracting setuid or setgid files

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Package Name: tar
Installed Version: 1.34+dfsg-1
Fixed Version:

References: marc.info access.redhat.com lists.apache.org
LOW

CVE-2021-4217: unzip: Null pointer dereference in Unicode strings code

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Package Name: unzip
Installed Version: 6.0-26
Fixed Version:

References: access.redhat.com cve.mitre.org
LOW

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Package Name: util-linux
Installed Version: 2.36.1-8+deb11u1
Fixed Version:

References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
LOW

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Package Name: uuid-dev
Installed Version: 2.36.1-8+deb11u1
Fixed Version:

References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com
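Every OS-package finding above carries an empty "Fixed Version:" field, which means the scanner records no fixed package version for it: rebuilding the image against current Debian packages will not clear these entries, and each needs a triage decision instead. Below is an added example, not the scanner's or Cloudsmith's code, that parses entries in this report layout and separates the findings an upgrade can close from the ones it cannot. The sample report text is constructed for the example and the severity set assumed in `SEVERITIES` is the one used on this page.

```javascript
// Constructed sample in the layout of the report above (one CVE listed once per
// binary package built from the same source, then two Node.js findings). It is
// not the page's own data.
const SAMPLE_REPORT = `LOW

CVE-2011-4116: perl: File::Temp insecure temporary file handling

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

Package Name: perl
Installed Version: 5.32.1-4+deb11u2
Fixed Version:

References: www.openwall.com rt.cpan.org
LOW

CVE-2011-4116: perl: File::Temp insecure temporary file handling

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

Package Name: perl-base
Installed Version: 5.32.1-4+deb11u2
Fixed Version:

References: www.openwall.com rt.cpan.org
Target: Node.js
CRITICAL

CVE-2019-10744: nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution.

Package Name: lodash
Installed Version: 4.17.0
Fixed Version: 4.17.12

References: github.com nvd.nist.gov
HIGH

CVE-2018-16487: lodash: Prototype pollution in utilities function

A prototype pollution vulnerability was found in lodash <4.17.11.

Package Name: lodash
Installed Version: 4.17.0
Fixed Version: >=4.17.11

References: github.com
`;

const SEVERITIES = new Set(['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'UNKNOWN']);
const CVE_HEADING = /^(CVE-\d{4}-\d{4,}): (.*)$/;
const FIELD = /^(Package Name|Installed Version|Fixed Version|References):\s*(.*)$/;

// One pass: a severity line announces the next finding, "CVE-...: title" opens it,
// free text up to "Package Name:" is its description, "Target:" switches the
// scanned component. An empty "Fixed Version:" is kept as null (no fix recorded).
function parseReport(text) {
  const records = [];
  let target = null, severity = null, current = null;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (line.startsWith('Target: ')) { target = line.slice(8); continue; }
    if (SEVERITIES.has(line)) { severity = line; continue; }
    const heading = CVE_HEADING.exec(line);
    if (heading !== null) {
      current = { target, severity, cve: heading[1], title: heading[2], description: '',
                  package: null, installed: null, fixed: null, references: [] };
      records.push(current);
      continue;
    }
    if (current === null || line === '') continue;
    const field = FIELD.exec(line);
    if (field === null) {
      if (current.package === null) current.description += (current.description ? ' ' : '') + line;
      continue;
    }
    const [, name, value] = field;
    if (name === 'Package Name') current.package = value;
    else if (name === 'Installed Version') current.installed = value;
    else if (name === 'Fixed Version') current.fixed = value === '' ? null : value;
    else current.references = value === '' ? [] : value.split(/\s+/);
  }
  return records;
}

// Triage view: counts per severity, distinct CVE ids (the same CVE repeats once
// per binary package), the findings an upgrade can close, and how many of those
// are CRITICAL or HIGH, which is what a CI gate would fail the image on.
function summarize(records) {
  const bySeverity = {};
  for (const r of records) bySeverity[r.severity] = (bySeverity[r.severity] || 0) + 1;
  const fixable = records.filter((r) => r.fixed !== null);
  return {
    bySeverity,
    distinctCves: new Set(records.map((r) => r.cve)).size,
    fixable: fixable.map((r) => `${r.cve} ${r.package} ${r.installed} -> ${r.fixed}`),
    blocking: fixable.filter((r) => r.severity === 'CRITICAL' || r.severity === 'HIGH').length,
  };
}
```

Run against the sample, `summarize(parseReport(SAMPLE_REPORT))` reports two LOW findings with no fix recorded and two lodash findings (one CRITICAL, one HIGH) that a bump of the dependency would close; counting distinct CVE ids rather than entries avoids inflating the picture when one source package ships several binary packages.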
Target: Node.js
CRITICAL

CVE-2019-10744: nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Package Name: lodash
Installed Version: 4.17.0
Fixed Version: 4.17.12

References: access.redhat.com access.redhat.com github.com github.com nvd.nist.gov security.netapp.com snyk.io support.f5.com www.npmjs.com www.oracle.com www.oracle.com
HIGH

CVE-2018-16487: lodash: Prototype pollution in utilities function

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Package Name: lodash
Installed Version: 4.17.0
Fixed Version: >=4.17.11

References: access.redhat.com cve.mitre.org github.com hackerone.com nvd.nist.gov security.netapp.com www.npmjs.com
HIGH

CVE-2020-8203: nodejs-lodash: prototype pollution in zipObjectDeep function

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Package Name: lodash
Installed Version: 4.17.0
Fixed Version: 4.17.20

References: access.redhat.com github.com github.com github.com github.com hackerone.com nvd.nist.gov security.netapp.com www.npmjs.com www.oracle.com www.oracle.com www.oracle.com www.oracle.com www.oracle.com
HIGH

CVE-2021-23337: nodejs-lodash: command injection via template

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Package Name: lodash
Installed Version: 4.17.0
Fixed Version: 4.17.21

References: access.redhat.com cve.mitre.org github.com github.com github.com github.com nvd.nist.gov security.netapp.com snyk.io snyk.io snyk.io snyk.io snyk.io snyk.io www.oracle.com www.oracle.com www.oracle.com
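The template injection in CVE-2021-23337 is not about the template text itself but about the `sourceURL` option: the template function builds JavaScript source and compiles it with `Function()`, and the option value is written into a `//# sourceURL=` line comment at the top of that source. A line break inside the option ends the comment, so anything after it executes when the template is compiled. The following added example (constructed for this page, not lodash's code) reproduces that pattern in a minimal template compiler beside a hardened version; `templateToSource`, `compileVulnerable`, `compileHardened` and the `__templatePwned` marker are names chosen for the example.

```javascript
// Minimal template compiler in the style of _.template: the template text is
// turned into JavaScript source and compiled with Function(). Constructed for
// this page; not lodash's code. Only the sourceURL handling matters here.
function templateToSource(text) {
  // "Hello ${name}!"  ->  return function(data) { return "Hello " + String(data.name) + "!"; };
  const parts = [];
  const re = /\$\{(\w+)\}/g;
  let last = 0;
  let m;
  while ((m = re.exec(text)) !== null) {
    parts.push(JSON.stringify(text.slice(last, m.index)));
    parts.push('String(data.' + m[1] + ')');
    last = re.lastIndex;
  }
  parts.push(JSON.stringify(text.slice(last)));
  return 'return function(data) { return ' + parts.join(' + ') + '; };';
}

// Vulnerable: the caller-supplied sourceURL is pasted into a line comment at the
// top of the compiled source. A line break inside it closes the comment, so
// whatever follows runs as code when Function() is invoked, before any template
// is ever rendered.
function compileVulnerable(text, options = {}) {
  const sourceURL = '//# sourceURL=' + (options.sourceURL ?? 'template.js') + '\n';
  return Function(sourceURL + templateToSource(text))();
}

// Hardened: collapse every whitespace character in the name, line terminators
// included (\r, \n, U+2028 and U+2029 all match \s), so the comment cannot be
// closed by the option value.
function compileHardened(text, options = {}) {
  const name = String(options.sourceURL ?? 'template.js').replace(/\s/g, ' ');
  const sourceURL = '//# sourceURL=' + name + '\n';
  return Function(sourceURL + templateToSource(text))();
}

// Constructed payload: a legitimate-looking file name, a newline, then code.
const PAYLOAD_SOURCE_URL = 'legit.js\nglobalThis.__templatePwned = true; //';

// Compiles one template with the payload and reports whether the injected
// statement ran; removes the marker afterwards so the process is left clean.
function probe(compile) {
  delete globalThis.__templatePwned;
  const render = compile('Hello ${name}!', { sourceURL: PAYLOAD_SOURCE_URL });
  const rendered = render({ name: 'world' });
  const pwned = globalThis.__templatePwned === true;
  delete globalThis.__templatePwned;
  return { rendered, pwned };
}
```

Both compilers render the template identically, which is why the bug is easy to miss in tests: the difference is only visible when an attacker controls the options object, for instance when template settings are taken from a request body or a stored configuration. Treat `sourceURL` (and any other option spliced into generated source) as code, not as a string.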
MEDIUM

CVE-2019-1010266: lodash: uncontrolled resource consumption in Data handler causing denial of service

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.

Package Name: lodash
Installed Version: 4.17.0
Fixed Version: 4.17.11

References: access.redhat.com cve.mitre.org github.com github.com github.com github.com nvd.nist.gov security.netapp.com snyk.io
MEDIUM

CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Package Name: lodash
Installed Version: 4.17.0
Fixed Version: 4.17.21

References: access.redhat.com cve.mitre.org github.com github.com github.com github.com github.com nvd.nist.gov security.netapp.com snyk.io snyk.io snyk.io snyk.io snyk.io snyk.io www.oracle.com www.oracle.com www.oracle.com
LOW

CVE-2018-3721: lodash: Prototype pollution in utilities function

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

Package Name: lodash
Installed Version: 4.17.0
Fixed Version: >=4.17.5

References: access.redhat.com cve.mitre.org github.com github.com hackerone.com nvd.nist.gov security.netapp.com snyk.io www.npmjs.com
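The four lodash prototype-pollution findings above (CVE-2018-3721, CVE-2018-16487, CVE-2019-10744 and CVE-2020-8203) share one root cause: a recursive merge walks the keys of attacker-controlled input and, on a key named `__proto__` or on the `constructor` -> `prototype` path, reads `target[key]`, which resolves through the prototype chain to `Object.prototype` instead of to an own property. From then on every value written lands on the shared prototype and every object in the process inherits it. (`zipObjectDeep` reaches the same place through a property-path string such as `"__proto__.polluted"` rather than a nested object.) The following is an added example, not lodash's code or the page's: a deliberately naive deep merge that reproduces the bug class, a hardened form, and constructed payloads of the shapes the advisories describe.

```javascript
// Naive recursive merge that reproduces the bug class fixed across lodash
// 4.17.5 / 4.17.11 / 4.17.12: it walks every own key of `source`, including one
// literally named "__proto__" or "constructor", and reads target[key], which for
// those names resolves to Object.prototype (directly, or via the Object function
// and its .prototype). Constructed for this page; not lodash's code.
function naiveDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === undefined || target[key] === null) target[key] = {};
      naiveDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened form: refuse the three keys that reach the prototype chain, and only
// recurse into an object the target itself owns (never an inherited one).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const ownObject = Object.prototype.hasOwnProperty.call(target, key)
        && typeof target[key] === 'object' && target[key] !== null;
      if (!ownObject) target[key] = {};
      safeDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed payloads: JSON.parse creates "__proto__" as an ordinary own
// property, so it shows up in Object.keys like any other key; the constructor
// payload reaches Object.prototype through Object.prototype's own .constructor.
const PROTO_PAYLOAD = '{"__proto__": {"polluted": true}}';
const CONSTRUCTOR_PAYLOAD = '{"constructor": {"prototype": {"polluted": true}}}';
const NESTED_PAYLOAD = '{"settings": {"__proto__": {"polluted": true}}}';

// Runs one payload through a merge function and reports whether an unrelated,
// previously created object now sees the injected property. Removes the
// property afterwards so the rest of the process is not left polluted.
function pollutes(mergeFn, payloadJson) {
  const bystander = {};
  mergeFn({}, JSON.parse(payloadJson));
  const hit = bystander.polluted === true;
  delete Object.prototype.polluted;
  return hit;
}
```

The bystander object is created before the merge and never touched by it, which is the point: once `Object.prototype.polluted` exists, code elsewhere that checks `if (options.polluted)` or `if (user.isAdmin)` on an object that never defined the property sees `true`. Key filtering is the library-level fix; an application can additionally call `Object.freeze(Object.prototype)` at startup, which turns such writes into silent no-ops (or `TypeError`s in strict code) for any merge routine it did not write itself.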

These instructions assume you have set up the repository first (or read how to).

To pull example @ reference/tag latest:

docker pull docker.cloudsmith.io/cloudsmith/examples/example:latest

To refer to this image after pulling in a Dockerfile, specify the following:

FROM docker.cloudsmith.io/cloudsmith/examples/example:latest