LAYER: meta PACKAGE NAME: cronie PACKAGE VERSION: 1.7.2 CVE: CVE-2010-0424 CVE STATUS: Patched CVE SUMMARY: The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0424 LAYER: meta PACKAGE NAME: cronie PACKAGE VERSION: 1.7.2 CVE: CVE-2012-6097 CVE STATUS: Patched CVE SUMMARY: File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6097 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2000-0963 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0963 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2002-0062 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0062 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-10684 CVE STATUS: Patched CVE SUMMARY: In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10684 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-10685 CVE STATUS: Patched CVE SUMMARY: In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10685 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-11112 CVE STATUS: Patched CVE SUMMARY: In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11112 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-11113 CVE STATUS: Patched CVE SUMMARY: In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11113 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13728 CVE STATUS: Patched CVE SUMMARY: There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13728 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13729 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13729 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13730 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13730 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13731 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13731 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13732 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13732 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13733 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13733 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13734 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13734 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-16879 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16879 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2018-19211 CVE STATUS: Patched CVE SUMMARY: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19211 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2018-19217 CVE STATUS: Patched CVE SUMMARY: In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19217 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2019-15547 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15547 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2019-15548 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15548 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2019-17594 CVE STATUS: Patched CVE SUMMARY: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17594 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2019-17595 CVE STATUS: Patched CVE SUMMARY: There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 5.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17595 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19185 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19185 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19186 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19186 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19187 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19187 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19188 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19188 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19189 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19189 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19190 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19190 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2021-39537 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39537 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2022-29458 CVE STATUS: Patched CVE SUMMARY: ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29458 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2023-29491 CVE STATUS: Patched CVE SUMMARY: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29491 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2023-50495 CVE STATUS: Patched CVE SUMMARY: NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50495 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2007-1351 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1351 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2007-1352 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. CVSS v2 BASE SCORE: 3.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:S/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1352 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2007-5199 CVE STATUS: Patched CVE SUMMARY: A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5199 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2011-2895 CVE STATUS: Patched CVE SUMMARY: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2895 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2013-6462 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6462 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2014-0209 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0209 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2014-0210 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0210 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2014-0211 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0211 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2015-1802 CVE STATUS: Patched CVE SUMMARY: The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1802 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2015-1803 CVE STATUS: Patched CVE SUMMARY: The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1803 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2015-1804 CVE STATUS: Patched CVE SUMMARY: The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1804 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2017-13720 CVE STATUS: Patched CVE SUMMARY: In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13720 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2017-13722 CVE STATUS: Patched CVE SUMMARY: In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13722 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2017-16611 CVE STATUS: Patched CVE SUMMARY: In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16611 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2005-4807 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4807 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2005-4808 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4808 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2006-2362 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2362 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2012-3509 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3509 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8484 CVE STATUS: Patched CVE SUMMARY: The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8484 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8485 CVE STATUS: Patched CVE SUMMARY: The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8485 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8501 CVE STATUS: Patched CVE SUMMARY: The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8501 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8502 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8502 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8503 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8503 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8504 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8504 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8737 CVE STATUS: Patched CVE SUMMARY: Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8737 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8738 CVE STATUS: Patched CVE SUMMARY: The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8738 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-9939 CVE STATUS: Patched CVE SUMMARY: ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9939 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12448 CVE STATUS: Patched CVE SUMMARY: The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12448 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12449 CVE STATUS: Patched CVE SUMMARY: The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12449 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12450 CVE STATUS: Patched CVE SUMMARY: The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12450 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12451 CVE STATUS: Patched CVE SUMMARY: The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12451 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12452 CVE STATUS: Patched CVE SUMMARY: The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12452 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12453 CVE STATUS: Patched CVE SUMMARY: The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12453 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12454 CVE STATUS: Patched CVE SUMMARY: The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12454 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12455 CVE STATUS: Patched CVE SUMMARY: The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12455 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12456 CVE STATUS: Patched CVE SUMMARY: The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12456 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12457 CVE STATUS: Patched CVE SUMMARY: The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12457 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12458 CVE STATUS: Patched CVE SUMMARY: The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12458 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12459 CVE STATUS: Patched CVE SUMMARY: The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12459 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12799 CVE STATUS: Patched CVE SUMMARY: The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12799 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12967 CVE STATUS: Patched CVE SUMMARY: The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12967 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-13710 CVE STATUS: Patched CVE SUMMARY: The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13710 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-13716 CVE STATUS: Patched CVE SUMMARY: The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13716 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-13757 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13757 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14128 CVE STATUS: Patched CVE SUMMARY: The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14128 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14129 CVE STATUS: Patched CVE SUMMARY: The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14129 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14130 CVE STATUS: Patched CVE SUMMARY: The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14130 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14333 CVE STATUS: Patched CVE SUMMARY: The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14333 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14529 CVE STATUS: Patched CVE SUMMARY: The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14529 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14729 CVE STATUS: Patched CVE SUMMARY: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14729 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14745 CVE STATUS: Patched CVE SUMMARY: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14745 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14930 CVE STATUS: Patched CVE SUMMARY: Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14930 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14932 CVE STATUS: Patched CVE SUMMARY: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14932 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14933 CVE STATUS: Patched CVE SUMMARY: read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14933 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14934 CVE STATUS: Patched CVE SUMMARY: process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14934 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14938 CVE STATUS: Patched CVE SUMMARY: _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14938 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14939 CVE STATUS: Patched CVE SUMMARY: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14939 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14940 CVE STATUS: Patched CVE SUMMARY: scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14940 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14974 CVE STATUS: Patched CVE SUMMARY: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14974 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15020 CVE STATUS: Patched CVE SUMMARY: dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15020 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15021 CVE STATUS: Patched CVE SUMMARY: bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15021 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15022 CVE STATUS: Patched CVE SUMMARY: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15022 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15023 CVE STATUS: Patched CVE SUMMARY: read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15023 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15024 CVE STATUS: Patched CVE SUMMARY: find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15024 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15025 CVE STATUS: Patched CVE SUMMARY: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15025 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15225 CVE STATUS: Patched CVE SUMMARY: _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15225 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15938 CVE STATUS: Patched CVE SUMMARY: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15938 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15939 CVE STATUS: Patched CVE SUMMARY: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15939 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15996 CVE STATUS: Patched CVE SUMMARY: elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15996 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16826 CVE STATUS: Patched CVE SUMMARY: The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16826 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16827 CVE STATUS: Patched CVE SUMMARY: The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16827 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16828 CVE STATUS: Patched CVE SUMMARY: The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16828 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16829 CVE STATUS: Patched CVE SUMMARY: The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16829 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16830 CVE STATUS: Patched CVE SUMMARY: The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16830 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16831 CVE STATUS: Patched CVE SUMMARY: coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16831 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16832 CVE STATUS: Patched CVE SUMMARY: The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16832 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17080 CVE STATUS: Patched CVE SUMMARY: elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17080 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17121 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17121 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17122 CVE STATUS: Patched CVE SUMMARY: The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17122 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17123 CVE STATUS: Patched CVE SUMMARY: The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17123 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17124 CVE STATUS: Patched CVE SUMMARY: The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17124 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17125 CVE STATUS: Patched CVE SUMMARY: nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17125 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17126 CVE STATUS: Patched CVE SUMMARY: The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17126 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-6965 CVE STATUS: Patched CVE SUMMARY: readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6965 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-6966 CVE STATUS: Patched CVE SUMMARY: readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6966 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-6969 CVE STATUS: Patched CVE SUMMARY: readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6969 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7209 CVE STATUS: Patched CVE SUMMARY: The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7209 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7210 CVE STATUS: Patched CVE SUMMARY: objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7210 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7223 CVE STATUS: Patched CVE SUMMARY: GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7223 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7224 CVE STATUS: Patched CVE SUMMARY: The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7224 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7225 CVE STATUS: Patched CVE SUMMARY: The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7225 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7226 CVE STATUS: Patched CVE SUMMARY: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7226 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7227 CVE STATUS: Patched CVE SUMMARY: GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7227 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7299 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7299 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7300 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7300 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7301 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7301 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7302 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7302 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7303 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7303 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7304 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7304 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7614 CVE STATUS: Patched CVE SUMMARY: elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7614 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8392 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8392 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8393 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8393 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8394 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8394 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8395 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8395 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8396 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8396 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8397 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8397 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8398 CVE STATUS: Patched CVE SUMMARY: dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8398 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8421 CVE STATUS: Patched CVE SUMMARY: The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8421 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9038 CVE STATUS: Patched CVE SUMMARY: GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9038 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9039 CVE STATUS: Patched CVE SUMMARY: GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9039 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9040 CVE STATUS: Patched CVE SUMMARY: GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9040 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9041 CVE STATUS: Patched CVE SUMMARY: GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9041 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9042 CVE STATUS: Patched CVE SUMMARY: readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9042 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9043 CVE STATUS: Patched CVE SUMMARY: readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9043 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9044 CVE STATUS: Patched CVE SUMMARY: The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9044 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9742 CVE STATUS: Patched CVE SUMMARY: The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9742 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9743 CVE STATUS: Patched CVE SUMMARY: The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9743 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9744 CVE STATUS: Patched CVE SUMMARY: The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9744 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9745 CVE STATUS: Patched CVE SUMMARY: The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9745 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9746 CVE STATUS: Patched CVE SUMMARY: The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9746 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9747 CVE STATUS: Patched CVE SUMMARY: The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9747 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9748 CVE STATUS: Patched CVE SUMMARY: The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9748 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9749 CVE STATUS: Patched CVE SUMMARY: The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9749 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9750 CVE STATUS: Patched CVE SUMMARY: opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9750 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9751 CVE STATUS: Patched CVE SUMMARY: opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9751 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9752 CVE STATUS: Patched CVE SUMMARY: bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9752 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9753 CVE STATUS: Patched CVE SUMMARY: The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9753 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9754 CVE STATUS: Patched CVE SUMMARY: The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9754 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9755 CVE STATUS: Patched CVE SUMMARY: opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9755 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9756 CVE STATUS: Patched CVE SUMMARY: The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9756 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9954 CVE STATUS: Patched CVE SUMMARY: The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9954 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9955 CVE STATUS: Patched CVE SUMMARY: The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9955 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-1000876 CVE STATUS: Patched CVE SUMMARY: binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000876 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-10372 CVE STATUS: Patched CVE SUMMARY: process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10372 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-10373 CVE STATUS: Patched CVE SUMMARY: concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10373 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-10534 CVE STATUS: Patched CVE SUMMARY: The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10534 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-10535 CVE STATUS: Patched CVE SUMMARY: The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10535 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-12641 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12641 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-12697 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12697 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-12698 CVE STATUS: Patched CVE SUMMARY: demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12698 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-12699 CVE STATUS: Patched CVE SUMMARY: finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12699 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-12934 CVE STATUS: Patched CVE SUMMARY: remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12934 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-13033 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13033 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-17358 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17358 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-17359 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17359 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-17360 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17360 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-17794 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17794 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-17985 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17985 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18309 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18309 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18483 CVE STATUS: Patched CVE SUMMARY: The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18483 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18484 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18484 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18605 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18605 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18606 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18606 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18607 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18607 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18700 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18700 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18701 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18701 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-19931 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19931 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-19932 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19932 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20002 CVE STATUS: Patched CVE SUMMARY: The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20002 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20623 CVE STATUS: Patched CVE SUMMARY: In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20623 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20651 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20651 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20657 CVE STATUS: Patched CVE SUMMARY: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20657 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20671 CVE STATUS: Patched CVE SUMMARY: load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20671 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20673 CVE STATUS: Patched CVE SUMMARY: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20673 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20712 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20712 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-6323 CVE STATUS: Patched CVE SUMMARY: The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6323 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-6543 CVE STATUS: Patched CVE SUMMARY: In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6543 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-6759 CVE STATUS: Patched CVE SUMMARY: The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6759 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-6872 CVE STATUS: Patched CVE SUMMARY: The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6872 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7208 CVE STATUS: Patched CVE SUMMARY: In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7208 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7568 CVE STATUS: Patched CVE SUMMARY: The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7568 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7569 CVE STATUS: Patched CVE SUMMARY: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7569 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7570 CVE STATUS: Patched CVE SUMMARY: The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7570 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7642 CVE STATUS: Patched CVE SUMMARY: The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7642 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7643 CVE STATUS: Patched CVE SUMMARY: The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7643 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-8945 CVE STATUS: Patched CVE SUMMARY: The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8945 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-9138 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9138 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-9996 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9996 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-1010204 CVE STATUS: Patched CVE SUMMARY: GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-12972 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12972 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-14250 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14250 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-14444 CVE STATUS: Patched CVE SUMMARY: apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14444 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-17450 CVE STATUS: Patched CVE SUMMARY: find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17450 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-17451 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17451 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-9070 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9070 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-9071 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9071 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-9072 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9072 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-9073 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9073 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-9074 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9074 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-9075 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9075 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-9076 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9076 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-9077 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9077 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-16590 CVE STATUS: Patched CVE SUMMARY: A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16590 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-16591 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16591 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-16592 CVE STATUS: Patched CVE SUMMARY: A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16592 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-16593 CVE STATUS: Patched CVE SUMMARY: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16593 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-16599 CVE STATUS: Patched CVE SUMMARY: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16599 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-19724 CVE STATUS: Patched CVE SUMMARY: A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19724 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-19726 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19726 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-21490 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21490 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-35342 CVE STATUS: Patched CVE SUMMARY: GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35342 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-35448 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35448 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-35493 CVE STATUS: Patched CVE SUMMARY: A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35493 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-35494 CVE STATUS: Patched CVE SUMMARY: There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35494 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-35495 CVE STATUS: Patched CVE SUMMARY: There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35495 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-35496 CVE STATUS: Patched CVE SUMMARY: There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35496 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2020-35507 CVE STATUS: Patched CVE SUMMARY: There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35507 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2021-20197 CVE STATUS: Patched CVE SUMMARY: There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20197 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2021-20284 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20284 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2021-20294 CVE STATUS: Patched CVE SUMMARY: A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20294 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2021-32256 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32256 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2021-3530 CVE STATUS: Patched CVE SUMMARY: A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3530 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2021-3549 CVE STATUS: Patched CVE SUMMARY: An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3549 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2021-37322 CVE STATUS: Patched CVE SUMMARY: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37322 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2021-45078 CVE STATUS: Patched CVE SUMMARY: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45078 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2021-46174 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46174 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-35205 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35205 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-35206 CVE STATUS: Patched CVE SUMMARY: Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35206 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-38533 CVE STATUS: Patched CVE SUMMARY: In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-38533 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-4285 CVE STATUS: Patched CVE SUMMARY: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4285 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-44840 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44840 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-45703 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-45703 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-47007 CVE STATUS: Patched CVE SUMMARY: An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47007 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-47008 CVE STATUS: Patched CVE SUMMARY: An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47008 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-47010 CVE STATUS: Patched CVE SUMMARY: An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47010 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-47011 CVE STATUS: Patched CVE SUMMARY: An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47011 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-47673 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47673 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-47695 CVE STATUS: Patched CVE SUMMARY: An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47695 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-47696 CVE STATUS: Patched CVE SUMMARY: An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47696 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-48063 CVE STATUS: Patched CVE SUMMARY: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48063 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-48064 CVE STATUS: Patched CVE SUMMARY: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48064 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2022-48065 CVE STATUS: Patched CVE SUMMARY: GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48065 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2023-1579 CVE STATUS: Patched CVE SUMMARY: Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1579 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2023-1972 CVE STATUS: Patched CVE SUMMARY: A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1972 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2023-25584 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Applies only for version 2.40 and earlier CVE SUMMARY: An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25584 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2023-25585 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25585 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2023-25586 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25586 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2023-25588 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25588 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2024-53589 CVE STATUS: Patched CVE SUMMARY: GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-53589 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-0840 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 6.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-0840 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-1147 CVE STATUS: Patched CVE SUMMARY: A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 2.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1147 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-1148 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 2.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1148 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-1149 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 2.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1149 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-1150 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 2.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1150 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-1151 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 2.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1151 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-1152 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 2.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1152 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-1153 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 2.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1153 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-1176 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 2.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1176 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-1179 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases". CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 2.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1179 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2025-3198 CVE STATUS: Patched CVE SUMMARY: A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-3198 LAYER: meta PACKAGE NAME: libffi PACKAGE VERSION: 3.4.6 CVE: CVE-2017-1000376 CVE STATUS: Patched CVE SUMMARY: libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000376 LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.5 CVE: CVE-2019-11922 CVE STATUS: Patched CVE SUMMARY: A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11922 LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.5 CVE: CVE-2021-24031 CVE STATUS: Patched CVE SUMMARY: In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-24031 LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.5 CVE: CVE-2021-24032 CVE STATUS: Patched CVE SUMMARY: Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-24032 LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.5 CVE: CVE-2022-4899 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4899 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.43 CVE: CVE-2015-3210 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?Pc)(?Pa(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3210 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.43 CVE: CVE-2015-3217 CVE STATUS: Patched CVE SUMMARY: PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3217 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.43 CVE: CVE-2016-3191 CVE STATUS: Patched CVE SUMMARY: The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3191 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.43 CVE: CVE-2017-7186 CVE STATUS: Patched CVE SUMMARY: libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7186 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.43 CVE: CVE-2017-8399 CVE STATUS: Patched CVE SUMMARY: PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8399 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.43 CVE: CVE-2017-8786 CVE STATUS: Patched CVE SUMMARY: pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8786 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.43 CVE: CVE-2019-20454 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20454 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.43 CVE: CVE-2022-1586 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1586 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.43 CVE: CVE-2022-1587 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1587 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.43 CVE: CVE-2022-41409 CVE STATUS: Patched CVE SUMMARY: Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41409 LAYER: meta PACKAGE NAME: dosfstools PACKAGE VERSION: 4.2 CVE: CVE-2015-8872 CVE STATUS: Patched CVE SUMMARY: The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8872 LAYER: meta PACKAGE NAME: dosfstools PACKAGE VERSION: 4.2 CVE: CVE-2016-4804 CVE STATUS: Patched CVE SUMMARY: The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4804 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2005-4803 CVE STATUS: Patched CVE SUMMARY: graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4803 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2008-4555 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4555 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2014-0978 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0978 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2014-1235 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1235 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2014-1236 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1236 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2014-9157 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9157 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2018-10196 CVE STATUS: Patched CVE SUMMARY: NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10196 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2019-11023 CVE STATUS: Patched CVE SUMMARY: The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11023 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2019-9904 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9904 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2020-18032 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-18032 LAYER: meta-oe PACKAGE NAME: graphviz PACKAGE VERSION: 8.1.0 CVE: CVE-2023-46045 CVE STATUS: Patched CVE SUMMARY: Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-46045 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-1999-1439 CVE STATUS: Patched CVE SUMMARY: gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1439 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2000-1219 CVE STATUS: Patched CVE SUMMARY: The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1219 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2002-2439 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-2439 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2006-1902 CVE STATUS: Patched CVE SUMMARY: fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1902 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1367 CVE STATUS: Patched CVE SUMMARY: gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1367 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1685 CVE STATUS: Patched CVE SUMMARY: gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999) CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1685 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2013-4598 CVE STATUS: Patched CVE SUMMARY: The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4598 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2015-5276 CVE STATUS: Patched CVE SUMMARY: The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5276 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2017-11671 CVE STATUS: Patched CVE SUMMARY: Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11671 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2018-12886 CVE STATUS: Patched CVE SUMMARY: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12886 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2019-15847 CVE STATUS: Patched CVE SUMMARY: The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15847 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2021-37322 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Is a binutils 2.26 issue, not gcc CVE SUMMARY: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37322 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2021-3826 CVE STATUS: Patched CVE SUMMARY: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3826 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2021-46195 CVE STATUS: Patched CVE SUMMARY: GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46195 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2022-27943 CVE STATUS: Patched CVE SUMMARY: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27943 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2023-4039 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed via CVE-2023-4039.patch included here. Set the status explictly to deal with all recipes that share the gcc-source CVE SUMMARY: **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4039 LAYER: meta PACKAGE NAME: libksba PACKAGE VERSION: 1.6.6 CVE: CVE-2014-9087 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9087 LAYER: meta PACKAGE NAME: libksba PACKAGE VERSION: 1.6.6 CVE: CVE-2016-4353 CVE STATUS: Patched CVE SUMMARY: ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4353 LAYER: meta PACKAGE NAME: libksba PACKAGE VERSION: 1.6.6 CVE: CVE-2016-4354 CVE STATUS: Patched CVE SUMMARY: ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4354 LAYER: meta PACKAGE NAME: libksba PACKAGE VERSION: 1.6.6 CVE: CVE-2016-4355 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4355 LAYER: meta PACKAGE NAME: libksba PACKAGE VERSION: 1.6.6 CVE: CVE-2016-4356 CVE STATUS: Patched CVE SUMMARY: The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4356 LAYER: meta PACKAGE NAME: libksba PACKAGE VERSION: 1.6.6 CVE: CVE-2016-4574 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4574 LAYER: meta PACKAGE NAME: libksba PACKAGE VERSION: 1.6.6 CVE: CVE-2016-4579 CVE STATUS: Patched CVE SUMMARY: Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4579 LAYER: meta PACKAGE NAME: libksba PACKAGE VERSION: 1.6.6 CVE: CVE-2022-3515 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3515 LAYER: meta PACKAGE NAME: libksba PACKAGE VERSION: 1.6.6 CVE: CVE-2022-47629 CVE STATUS: Patched CVE SUMMARY: Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47629 LAYER: meta PACKAGE NAME: grep PACKAGE VERSION: 3.11 CVE: CVE-2012-5667 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5667 LAYER: meta PACKAGE NAME: grep PACKAGE VERSION: 3.11 CVE: CVE-2015-1345 CVE STATUS: Patched CVE SUMMARY: The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1345 LAYER: meta-oe PACKAGE NAME: iperf3 PACKAGE VERSION: 3.16 CVE: CVE-2016-4303 CVE STATUS: Patched CVE SUMMARY: The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4303 LAYER: meta-oe PACKAGE NAME: iperf3 PACKAGE VERSION: 3.16 CVE: CVE-2023-38403 CVE STATUS: Patched CVE SUMMARY: iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38403 LAYER: meta-oe PACKAGE NAME: iperf3 PACKAGE VERSION: 3.16 CVE: CVE-2023-7250 CVE STATUS: Patched CVE SUMMARY: A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-7250 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2008-4316 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4316 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2009-3289 CVE STATUS: Patched CVE SUMMARY: The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3289 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2012-0039 CVE STATUS: Patched CVE SUMMARY: GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0039 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2018-16428 CVE STATUS: Patched CVE SUMMARY: In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16428 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2018-16429 CVE STATUS: Patched CVE SUMMARY: GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16429 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2019-12450 CVE STATUS: Patched CVE SUMMARY: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12450 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2019-13012 CVE STATUS: Patched CVE SUMMARY: The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13012 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2019-9633 CVE STATUS: Patched CVE SUMMARY: gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9633 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2020-35457 CVE STATUS: Patched CVE SUMMARY: GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35457 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2020-6750 CVE STATUS: Patched CVE SUMMARY: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-6750 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-27218 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27218 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-27219 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27219 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-28153 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28153 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-3800 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3800 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-29499 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29499 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32611 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32611 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32636 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32636 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32643 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32643 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32665 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32665 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2024-52533 CVE STATUS: Patched CVE SUMMARY: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-52533 LAYER: meta PACKAGE NAME: libxfixes PACKAGE VERSION: 1_6.0.1 CVE: CVE-2013-1983 CVE STATUS: Patched CVE SUMMARY: Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1983 LAYER: meta PACKAGE NAME: libxfixes PACKAGE VERSION: 1_6.0.1 CVE: CVE-2016-7944 CVE STATUS: Patched CVE SUMMARY: Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7944 LAYER: meta PACKAGE NAME: libseccomp PACKAGE VERSION: 2.5.5 CVE: CVE-2019-9893 CVE STATUS: Patched CVE SUMMARY: libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9893 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2000-0973 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0973 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2003-1605 CVE STATUS: Patched CVE SUMMARY: curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-1605 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2005-0490 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0490 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2005-3185 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3185 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2005-4077 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4077 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2006-1061 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1061 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2007-3564 CVE STATUS: Patched CVE SUMMARY: libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3564 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2009-0037 CVE STATUS: Patched CVE SUMMARY: The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0037 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2009-2417 CVE STATUS: Patched CVE SUMMARY: lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2417 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2010-0734 CVE STATUS: Patched CVE SUMMARY: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0734 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2010-3842 CVE STATUS: Patched CVE SUMMARY: Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3842 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2011-2192 CVE STATUS: Patched CVE SUMMARY: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2192 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2011-3389 CVE STATUS: Patched CVE SUMMARY: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3389 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2012-0036 CVE STATUS: Patched CVE SUMMARY: curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0036 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2013-0249 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0249 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2013-1944 CVE STATUS: Patched CVE SUMMARY: The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1944 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2013-2174 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2174 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2013-4545 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4545 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2013-6422 CVE STATUS: Patched CVE SUMMARY: The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6422 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-0015 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0015 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-0138 CVE STATUS: Patched CVE SUMMARY: The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0138 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-0139 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0139 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-2522 CVE STATUS: Patched CVE SUMMARY: curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2522 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-3613 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3613 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-3620 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3620 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-3707 CVE STATUS: Patched CVE SUMMARY: The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3707 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-8150 CVE STATUS: Patched CVE SUMMARY: CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8150 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-8151 CVE STATUS: Patched CVE SUMMARY: The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8151 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3143 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3143 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3144 CVE STATUS: Patched CVE SUMMARY: The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3144 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3145 CVE STATUS: Patched CVE SUMMARY: The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3145 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3148 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3148 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3153 CVE STATUS: Patched CVE SUMMARY: The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3153 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3236 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3236 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3237 CVE STATUS: Patched CVE SUMMARY: The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3237 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-0754 CVE STATUS: Patched CVE SUMMARY: cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0754 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-0755 CVE STATUS: Patched CVE SUMMARY: The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0755 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-3739 CVE STATUS: Patched CVE SUMMARY: The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3739 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-4606 CVE STATUS: Patched CVE SUMMARY: Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4606 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-4802 CVE STATUS: Patched CVE SUMMARY: Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4802 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-5419 CVE STATUS: Patched CVE SUMMARY: curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5419 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-5420 CVE STATUS: Patched CVE SUMMARY: curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5420 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-5421 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5421 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-7141 CVE STATUS: Patched CVE SUMMARY: curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7141 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-7167 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7167 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8615 CVE STATUS: Patched CVE SUMMARY: A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8615 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8616 CVE STATUS: Patched CVE SUMMARY: A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8616 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8617 CVE STATUS: Patched CVE SUMMARY: The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8617 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8618 CVE STATUS: Patched CVE SUMMARY: The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8618 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8619 CVE STATUS: Patched CVE SUMMARY: The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8619 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8620 CVE STATUS: Patched CVE SUMMARY: The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8620 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8621 CVE STATUS: Patched CVE SUMMARY: The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8621 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8622 CVE STATUS: Patched CVE SUMMARY: The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8622 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8623 CVE STATUS: Patched CVE SUMMARY: A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8623 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8624 CVE STATUS: Patched CVE SUMMARY: curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8624 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8625 CVE STATUS: Patched CVE SUMMARY: curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8625 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-9586 CVE STATUS: Patched CVE SUMMARY: curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9586 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-9594 CVE STATUS: Patched CVE SUMMARY: curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9594 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-9952 CVE STATUS: Patched CVE SUMMARY: The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com." CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9952 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-9953 CVE STATUS: Patched CVE SUMMARY: The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9953 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-1000099 CVE STATUS: Patched CVE SUMMARY: When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000099 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-1000100 CVE STATUS: Patched CVE SUMMARY: When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000100 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-1000101 CVE STATUS: Patched CVE SUMMARY: curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000101 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-1000254 CVE STATUS: Patched CVE SUMMARY: libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000254 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-1000257 CVE STATUS: Patched CVE SUMMARY: An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000257 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-2628 CVE STATUS: Patched CVE SUMMARY: curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2628 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-2629 CVE STATUS: Patched CVE SUMMARY: curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2629 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-7407 CVE STATUS: Patched CVE SUMMARY: The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 2.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7407 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-7468 CVE STATUS: Patched CVE SUMMARY: In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 4.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7468 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-8816 CVE STATUS: Patched CVE SUMMARY: The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8816 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-8817 CVE STATUS: Patched CVE SUMMARY: The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8817 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-8818 CVE STATUS: Patched CVE SUMMARY: curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8818 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-9502 CVE STATUS: Patched CVE SUMMARY: In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://"). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9502 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-0500 CVE STATUS: Patched CVE SUMMARY: Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0500 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000005 CVE STATUS: Patched CVE SUMMARY: libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000005 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000007 CVE STATUS: Patched CVE SUMMARY: libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000007 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000120 CVE STATUS: Patched CVE SUMMARY: A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000120 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000121 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000121 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000122 CVE STATUS: Patched CVE SUMMARY: A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000122 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000300 CVE STATUS: Patched CVE SUMMARY: curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000300 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000301 CVE STATUS: Patched CVE SUMMARY: curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000301 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-14618 CVE STATUS: Patched CVE SUMMARY: curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14618 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-16839 CVE STATUS: Patched CVE SUMMARY: Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16839 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-16840 CVE STATUS: Patched CVE SUMMARY: A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16840 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-16842 CVE STATUS: Patched CVE SUMMARY: Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16842 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-16890 CVE STATUS: Patched CVE SUMMARY: libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16890 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-3822 CVE STATUS: Patched CVE SUMMARY: libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3822 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-3823 CVE STATUS: Patched CVE SUMMARY: libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3823 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-5435 CVE STATUS: Patched CVE SUMMARY: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5435 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-5436 CVE STATUS: Patched CVE SUMMARY: A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5436 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-5443 CVE STATUS: Patched CVE SUMMARY: A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5443 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-5481 CVE STATUS: Patched CVE SUMMARY: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5481 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-5482 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5482 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-19909 CVE STATUS: Patched CVE SUMMARY: Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19909 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8169 CVE STATUS: Patched CVE SUMMARY: curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8169 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8177 CVE STATUS: Patched CVE SUMMARY: curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8177 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8231 CVE STATUS: Patched CVE SUMMARY: Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8231 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8284 CVE STATUS: Patched CVE SUMMARY: A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8284 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8285 CVE STATUS: Patched CVE SUMMARY: curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8285 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8286 CVE STATUS: Patched CVE SUMMARY: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8286 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22876 CVE STATUS: Patched CVE SUMMARY: curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22876 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22890 CVE STATUS: Patched CVE SUMMARY: curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22890 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22897 CVE STATUS: Patched CVE SUMMARY: curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22897 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22898 CVE STATUS: Patched CVE SUMMARY: curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22898 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22901 CVE STATUS: Patched CVE SUMMARY: curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22901 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22922 CVE STATUS: Patched CVE SUMMARY: When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22922 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22923 CVE STATUS: Patched CVE SUMMARY: When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22923 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22924 CVE STATUS: Patched CVE SUMMARY: libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22924 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22925 CVE STATUS: Patched CVE SUMMARY: curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22925 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22926 CVE STATUS: Patched CVE SUMMARY: libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22926 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22945 CVE STATUS: Patched CVE SUMMARY: When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22945 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22946 CVE STATUS: Patched CVE SUMMARY: A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22946 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22947 CVE STATUS: Patched CVE SUMMARY: When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22947 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-22576 CVE STATUS: Patched CVE SUMMARY: An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22576 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27774 CVE STATUS: Patched CVE SUMMARY: An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27774 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27775 CVE STATUS: Patched CVE SUMMARY: An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27775 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27776 CVE STATUS: Patched CVE SUMMARY: A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27776 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27778 CVE STATUS: Patched CVE SUMMARY: A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27778 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27779 CVE STATUS: Patched CVE SUMMARY: libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27779 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27780 CVE STATUS: Patched CVE SUMMARY: The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27780 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27781 CVE STATUS: Patched CVE SUMMARY: libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27781 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27782 CVE STATUS: Patched CVE SUMMARY: libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27782 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-30115 CVE STATUS: Patched CVE SUMMARY: Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30115 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-32205 CVE STATUS: Patched CVE SUMMARY: A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32205 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-32206 CVE STATUS: Patched CVE SUMMARY: curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32206 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-32207 CVE STATUS: Patched CVE SUMMARY: When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32207 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-32208 CVE STATUS: Patched CVE SUMMARY: When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32208 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-32221 CVE STATUS: Patched CVE SUMMARY: When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32221 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-35252 CVE STATUS: Patched CVE SUMMARY: When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35252 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-35260 CVE STATUS: Patched CVE SUMMARY: curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35260 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-42915 CVE STATUS: Patched CVE SUMMARY: curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42915 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-42916 CVE STATUS: Patched CVE SUMMARY: In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42916 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-43551 CVE STATUS: Patched CVE SUMMARY: A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43551 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-43552 CVE STATUS: Patched CVE SUMMARY: A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43552 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2023-23914 CVE STATUS: Patched CVE SUMMARY: A cleartext transmission of sensitive information vulnerability exists in curl ::set and hb_set_copy). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45931 LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2022-33068 CVE STATUS: Patched CVE SUMMARY: An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-33068 LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2023-25193 CVE STATUS: Patched CVE SUMMARY: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25193 LAYER: meta PACKAGE NAME: libxtst PACKAGE VERSION: 1_1.2.4 CVE: CVE-2013-2063 CVE STATUS: Patched CVE SUMMARY: Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2063 LAYER: meta PACKAGE NAME: libxtst PACKAGE VERSION: 1_1.2.4 CVE: CVE-2016-7951 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7951 LAYER: meta PACKAGE NAME: libxtst PACKAGE VERSION: 1_1.2.4 CVE: CVE-2016-7952 CVE STATUS: Patched CVE SUMMARY: X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7952 LAYER: meta PACKAGE NAME: base-files PACKAGE VERSION: 3.0.14 CVE: CVE-2018-6557 CVE STATUS: Patched CVE SUMMARY: The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6557 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2010-3315 CVE STATUS: Patched CVE SUMMARY: authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3315 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2010-4539 CVE STATUS: Patched CVE SUMMARY: The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4539 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2010-4644 CVE STATUS: Patched CVE SUMMARY: Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4644 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2011-0715 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0715 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2011-1752 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1752 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2011-1783 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1783 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2011-1921 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1921 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1845 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1845 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1846 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1846 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1847 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1847 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1849 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1849 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1884 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1884 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1968 CVE STATUS: Patched CVE SUMMARY: Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1968 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-2088 CVE STATUS: Patched CVE SUMMARY: contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2088 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-2112 CVE STATUS: Patched CVE SUMMARY: The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2112 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4131 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4131 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4246 CVE STATUS: Patched CVE SUMMARY: libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4246 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4262 CVE STATUS: Patched CVE SUMMARY: svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. CVSS v2 BASE SCORE: 2.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:S/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4262 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4277 CVE STATUS: Patched CVE SUMMARY: Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4277 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4505 CVE STATUS: Patched CVE SUMMARY: The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4505 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4558 CVE STATUS: Patched CVE SUMMARY: The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4558 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-7393 CVE STATUS: Patched CVE SUMMARY: The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). CVSS v2 BASE SCORE: 2.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:S/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7393 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-0032 CVE STATUS: Patched CVE SUMMARY: The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0032 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-3504 CVE STATUS: Patched CVE SUMMARY: The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3504 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-3522 CVE STATUS: Patched CVE SUMMARY: The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3522 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-3528 CVE STATUS: Patched CVE SUMMARY: Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3528 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-3580 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3580 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-8108 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8108 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-0202 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0202 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-0248 CVE STATUS: Patched CVE SUMMARY: The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0248 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-0251 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0251 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-3184 CVE STATUS: Patched CVE SUMMARY: mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3184 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-3187 CVE STATUS: Patched CVE SUMMARY: The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3187 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-5259 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5259 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-5343 CVE STATUS: Patched CVE SUMMARY: Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. CVSS v2 BASE SCORE: 8.0 CVSS v3 BASE SCORE: 7.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5343 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2016-2167 CVE STATUS: Patched CVE SUMMARY: The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2167 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2016-2168 CVE STATUS: Patched CVE SUMMARY: The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2168 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2016-8734 CVE STATUS: Patched CVE SUMMARY: Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8734 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2017-9800 CVE STATUS: Patched CVE SUMMARY: A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9800 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2018-11782 CVE STATUS: Patched CVE SUMMARY: In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11782 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2018-11803 CVE STATUS: Patched CVE SUMMARY: Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11803 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2019-0203 CVE STATUS: Patched CVE SUMMARY: In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-0203 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2020-17525 CVE STATUS: Patched CVE SUMMARY: Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7 CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17525 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2021-28544 CVE STATUS: Patched CVE SUMMARY: Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28544 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2022-24070 CVE STATUS: Patched CVE SUMMARY: Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24070 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2024-45720 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-45720 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2024-46901 CVE STATUS: Patched CVE SUMMARY: Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-46901 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2006-5876 CVE STATUS: Patched CVE SUMMARY: The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5876 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2009-0585 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0585 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2011-2524 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2524 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2012-2132 CVE STATUS: Patched CVE SUMMARY: libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2132 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2017-2885 CVE STATUS: Patched CVE SUMMARY: An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2885 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2018-11713 CVE STATUS: Patched CVE SUMMARY: WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11713 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2018-12910 CVE STATUS: Patched CVE SUMMARY: The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12910 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2019-17266 CVE STATUS: Patched CVE SUMMARY: libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17266 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2024-52530 CVE STATUS: Patched CVE SUMMARY: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-52530 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2024-52531 CVE STATUS: Patched CVE SUMMARY: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-52531 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2024-52532 CVE STATUS: Patched CVE SUMMARY: GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-52532 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2014-1932 CVE STATUS: Patched CVE SUMMARY: The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1932 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2014-1933 CVE STATUS: Patched CVE SUMMARY: The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1933 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2014-3007 CVE STATUS: Patched CVE SUMMARY: Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3007 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2014-3589 CVE STATUS: Patched CVE SUMMARY: PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3589 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2014-3598 CVE STATUS: Patched CVE SUMMARY: The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3598 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2014-9601 CVE STATUS: Patched CVE SUMMARY: Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9601 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2016-0740 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0740 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2016-0775 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0775 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2016-2533 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2533 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2016-3076 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3076 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2016-4009 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4009 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2016-9189 CVE STATUS: Patched CVE SUMMARY: Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9189 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2016-9190 CVE STATUS: Patched CVE SUMMARY: Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9190 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2019-16865 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16865 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2019-19911 CVE STATUS: Patched CVE SUMMARY: There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19911 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-10177 CVE STATUS: Patched CVE SUMMARY: Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10177 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-10378 CVE STATUS: Patched CVE SUMMARY: In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10378 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-10379 CVE STATUS: Patched CVE SUMMARY: In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10379 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-10994 CVE STATUS: Patched CVE SUMMARY: In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10994 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-11538 CVE STATUS: Patched CVE SUMMARY: In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11538 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-35653 CVE STATUS: Patched CVE SUMMARY: In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35653 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-35654 CVE STATUS: Patched CVE SUMMARY: In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35654 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-35655 CVE STATUS: Patched CVE SUMMARY: In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 5.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35655 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-5310 CVE STATUS: Patched CVE SUMMARY: libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-5310 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-5311 CVE STATUS: Patched CVE SUMMARY: libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-5311 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-5312 CVE STATUS: Patched CVE SUMMARY: libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-5312 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2020-5313 CVE STATUS: Patched CVE SUMMARY: libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-5313 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-23437 CVE STATUS: Patched CVE SUMMARY: The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23437 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-25287 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-25287 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-25288 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-25288 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-25289 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-25289 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-25290 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-25290 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-25291 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-25291 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-25292 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-25292 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-25293 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-25293 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-27921 CVE STATUS: Patched CVE SUMMARY: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27921 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-27922 CVE STATUS: Patched CVE SUMMARY: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27922 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-27923 CVE STATUS: Patched CVE SUMMARY: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27923 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-28675 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28675 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-28676 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28676 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-28677 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28677 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-28678 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28678 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2021-34552 CVE STATUS: Patched CVE SUMMARY: Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-34552 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2022-22815 CVE STATUS: Patched CVE SUMMARY: path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22815 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2022-22816 CVE STATUS: Patched CVE SUMMARY: path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22816 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2022-22817 CVE STATUS: Patched CVE SUMMARY: PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22817 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2022-24303 CVE STATUS: Patched CVE SUMMARY: Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24303 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2022-30595 CVE STATUS: Patched CVE SUMMARY: libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30595 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2022-45198 CVE STATUS: Patched CVE SUMMARY: Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-45198 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2022-45199 CVE STATUS: Patched CVE SUMMARY: Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-45199 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2023-44271 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-44271 LAYER: meta-python PACKAGE NAME: python3-pillow PACKAGE VERSION: 10.3.0 CVE: CVE-2023-50447 CVE STATUS: Patched CVE SUMMARY: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50447 LAYER: meta PACKAGE NAME: man-db PACKAGE VERSION: 2.12.0 CVE: CVE-2015-1336 CVE STATUS: Patched CVE SUMMARY: The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1336 LAYER: meta PACKAGE NAME: man-db PACKAGE VERSION: 2.12.0 CVE: CVE-2018-25078 CVE STATUS: Patched CVE SUMMARY: man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25078 LAYER: meta PACKAGE NAME: automake PACKAGE VERSION: 1.16.5 CVE: CVE-2009-4029 CVE STATUS: Patched CVE SUMMARY: The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4029 LAYER: meta PACKAGE NAME: automake PACKAGE VERSION: 1.16.5 CVE: CVE-2012-3386 CVE STATUS: Patched CVE SUMMARY: The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3386 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2001-0084 CVE STATUS: Patched CVE SUMMARY: GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0084 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2004-0753 CVE STATUS: Patched CVE SUMMARY: The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0753 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2004-0782 CVE STATUS: Patched CVE SUMMARY: Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0782 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2004-0783 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0783 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2004-0788 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0788 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2005-0372 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0372 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2005-0891 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0891 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2005-2975 CVE STATUS: Patched CVE SUMMARY: io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2975 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2005-2976 CVE STATUS: Patched CVE SUMMARY: Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2976 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2007-0010 CVE STATUS: Patched CVE SUMMARY: The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0010 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2010-0732 CVE STATUS: Patched CVE SUMMARY: gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0732 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2010-4831 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4831 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2010-4833 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4833 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2012-0828 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0828 LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2014-1949 CVE STATUS: Patched CVE SUMMARY: GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1949 LAYER: meta PACKAGE NAME: libcomps PACKAGE VERSION: 0.1.20 CVE: CVE-2019-3817 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3817 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2013-4242 CVE STATUS: Patched CVE SUMMARY: GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4242 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2014-3591 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3591 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2014-5270 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5270 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2015-0837 CVE STATUS: Patched CVE SUMMARY: The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0837 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2015-7511 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 2.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7511 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2016-6313 CVE STATUS: Patched CVE SUMMARY: The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6313 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2017-0379 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-0379 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2017-7526 CVE STATUS: Patched CVE SUMMARY: libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7526 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2017-9526 CVE STATUS: Patched CVE SUMMARY: In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9526 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2018-0495 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0495 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2018-6829 CVE STATUS: Patched CVE SUMMARY: cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6829 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2019-12904 CVE STATUS: Patched CVE SUMMARY: In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12904 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2021-3345 CVE STATUS: Patched CVE SUMMARY: _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3345 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2021-33560 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33560 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.10.3 CVE: CVE-2021-40528 CVE STATUS: Patched CVE SUMMARY: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-40528 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0691 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0692 CVE STATUS: Patched CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0693 CVE STATUS: Patched CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2005-0627 CVE STATUS: Patched CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2006-4811 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-0242 CVE STATUS: Patched CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-3388 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-4137 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2009-2700 CVE STATUS: Patched CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-1766 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-2621 CVE STATUS: Patched CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-5076 CVE STATUS: Patched CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3194 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-5624 CVE STATUS: Patched CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-6093 CVE STATUS: Patched CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-0254 CVE STATUS: Patched CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-4549 CVE STATUS: Patched CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2014-0190 CVE STATUS: Patched CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-0295 CVE STATUS: Patched CVE SUMMARY: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1290 CVE STATUS: Patched CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1858 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1859 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1860 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-7298 CVE STATUS: Patched CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-9541 CVE STATUS: Patched CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10904 CVE STATUS: Patched CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10905 CVE STATUS: Patched CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-15011 CVE STATUS: Patched CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-15518 CVE STATUS: Patched CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19865 CVE STATUS: Patched CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19869 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19870 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19871 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19872 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19873 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-21035 CVE STATUS: Patched CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2019-18281 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18281 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0569 CVE STATUS: Patched CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0570 CVE STATUS: Patched CVE SUMMARY: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-12267 CVE STATUS: Patched CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-13962 CVE STATUS: Patched CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-17507 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-24742 CVE STATUS: Patched CVE SUMMARY: An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-28025 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-3481 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-38593 CVE STATUS: Patched CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25255 CVE STATUS: Patched CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25634 CVE STATUS: Patched CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-40983 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-43591 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-24607 CVE STATUS: Patched CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-33285 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Patched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-25580 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-25580 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2025-30348 CVE STATUS: Unpatched CVE SUMMARY: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-30348 LAYER: meta PACKAGE NAME: quota PACKAGE VERSION: 4.09 CVE: CVE-2012-3417 CVE STATUS: Patched CVE SUMMARY: The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3417 LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2012-1107 CVE STATUS: Patched CVE SUMMARY: The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1107 LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2012-1108 CVE STATUS: Patched CVE SUMMARY: The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1108 LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2012-1584 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1584 LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2017-12678 CVE STATUS: Patched CVE SUMMARY: In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12678 LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2018-11439 CVE STATUS: Patched CVE SUMMARY: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11439 LAYER: meta PACKAGE NAME: less PACKAGE VERSION: 643 CVE: CVE-2004-2264 CVE STATUS: Patched CVE SUMMARY: Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2264 LAYER: meta PACKAGE NAME: less PACKAGE VERSION: 643 CVE: CVE-2014-9488 CVE STATUS: Patched CVE SUMMARY: The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9488 LAYER: meta PACKAGE NAME: less PACKAGE VERSION: 643 CVE: CVE-2022-46663 CVE STATUS: Patched CVE SUMMARY: In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46663 LAYER: meta PACKAGE NAME: less PACKAGE VERSION: 643 CVE: CVE-2022-48624 CVE STATUS: Patched CVE SUMMARY: close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48624 LAYER: meta PACKAGE NAME: less PACKAGE VERSION: 643 CVE: CVE-2024-32487 CVE STATUS: Patched CVE SUMMARY: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32487 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2013-6424 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6424 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2013-6425 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6425 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2014-9766 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9766 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2015-5297 CVE STATUS: Patched CVE SUMMARY: An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 6.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5297 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2022-44638 CVE STATUS: Patched CVE SUMMARY: In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44638 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2023-37769 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: stress-test is an uninstalled test CVE SUMMARY: stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37769 LAYER: meta PACKAGE NAME: gmp PACKAGE VERSION: 6.3.0 CVE: CVE-2021-43618 CVE STATUS: Patched CVE SUMMARY: GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43618 LAYER: meta PACKAGE NAME: minicom PACKAGE VERSION: 2.9 CVE: CVE-2000-0698 CVE STATUS: Patched CVE SUMMARY: Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0698 LAYER: meta PACKAGE NAME: minicom PACKAGE VERSION: 2.9 CVE: CVE-2001-0570 CVE STATUS: Patched CVE SUMMARY: minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0570 LAYER: meta PACKAGE NAME: minicom PACKAGE VERSION: 2.9 CVE: CVE-2017-7467 CVE STATUS: Patched CVE SUMMARY: A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7467 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-1999-1439 CVE STATUS: Patched CVE SUMMARY: gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1439 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2000-1219 CVE STATUS: Patched CVE SUMMARY: The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1219 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2002-2439 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-2439 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2006-1902 CVE STATUS: Patched CVE SUMMARY: fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1902 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1367 CVE STATUS: Patched CVE SUMMARY: gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1367 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1685 CVE STATUS: Patched CVE SUMMARY: gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999) CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1685 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2013-4598 CVE STATUS: Patched CVE SUMMARY: The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4598 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2015-5276 CVE STATUS: Patched CVE SUMMARY: The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5276 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2017-11671 CVE STATUS: Patched CVE SUMMARY: Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11671 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2018-12886 CVE STATUS: Patched CVE SUMMARY: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12886 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2019-15847 CVE STATUS: Patched CVE SUMMARY: The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15847 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2021-37322 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Is a binutils 2.26 issue, not gcc CVE SUMMARY: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37322 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2021-3826 CVE STATUS: Patched CVE SUMMARY: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3826 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2021-46195 CVE STATUS: Patched CVE SUMMARY: GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46195 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2022-27943 CVE STATUS: Patched CVE SUMMARY: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27943 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2023-4039 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed via CVE-2023-4039.patch included here. Set the status explictly to deal with all recipes that share the gcc-source CVE SUMMARY: **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4039 LAYER: meta PACKAGE NAME: serf PACKAGE VERSION: 1.3.10 CVE: CVE-2014-3504 CVE STATUS: Patched CVE SUMMARY: The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3504 LAYER: meta PACKAGE NAME: lttng-ust PACKAGE VERSION: 2_2.13.8 CVE: CVE-2010-3386 CVE STATUS: Patched CVE SUMMARY: usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3386 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2015-5237 CVE STATUS: Patched CVE SUMMARY: protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5237 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2021-22570 CVE STATUS: Patched CVE SUMMARY: Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22570 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2021-3121 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3121 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2023-24535 CVE STATUS: Patched CVE SUMMARY: Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24535 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2024-7254 CVE STATUS: Patched CVE SUMMARY: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 8.7 VECTOR: NETWORK VECTORSTRING: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-7254 LAYER: meta PACKAGE NAME: libxcb PACKAGE VERSION: 1.16 CVE: CVE-2013-2064 CVE STATUS: Patched CVE SUMMARY: Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2064 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2016-9015 CVE STATUS: Patched CVE SUMMARY: Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9015 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2018-20060 CVE STATUS: Patched CVE SUMMARY: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20060 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2018-25091 CVE STATUS: Patched CVE SUMMARY: urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25091 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2019-11236 CVE STATUS: Patched CVE SUMMARY: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11236 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2019-11324 CVE STATUS: Patched CVE SUMMARY: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11324 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2020-26137 CVE STATUS: Patched CVE SUMMARY: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26137 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2020-7212 CVE STATUS: Patched CVE SUMMARY: The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2). CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7212 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2021-28363 CVE STATUS: Patched CVE SUMMARY: The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28363 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2021-33503 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33503 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2023-43804 CVE STATUS: Patched CVE SUMMARY: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43804 LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.2 CVE: CVE-2023-45803 CVE STATUS: Patched CVE SUMMARY: urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.2 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45803 LAYER: meta-tpm PACKAGE NAME: tpm2-tss PACKAGE VERSION: 4.0.2 CVE: CVE-2020-24455 CVE STATUS: Patched CVE SUMMARY: Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24455 LAYER: meta-tpm PACKAGE NAME: tpm2-tss PACKAGE VERSION: 4.0.2 CVE: CVE-2023-22745 CVE STATUS: Patched CVE SUMMARY: tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-22745 LAYER: meta PACKAGE NAME: cmake PACKAGE VERSION: 3.28.3 CVE: CVE-2016-10642 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: This is specific to the npm package that installs cmake, so isn't relevant to OpenEmbedded CVE SUMMARY: cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10642 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2007-1804 CVE STATUS: Patched CVE SUMMARY: PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1804 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2008-0008 CVE STATUS: Patched CVE SUMMARY: The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0008 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2009-1299 CVE STATUS: Patched CVE SUMMARY: The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1299 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2009-1894 CVE STATUS: Patched CVE SUMMARY: Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1894 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2014-3970 CVE STATUS: Patched CVE SUMMARY: The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3970 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2020-11931 CVE STATUS: Patched CVE SUMMARY: An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11931 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2020-15710 CVE STATUS: Patched CVE SUMMARY: Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15710 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2004-1001 CVE STATUS: Patched CVE SUMMARY: Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1001 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2005-4890 CVE STATUS: Patched CVE SUMMARY: There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4890 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2006-1174 CVE STATUS: Patched CVE SUMMARY: useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1174 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2006-1844 CVE STATUS: Patched CVE SUMMARY: The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1844 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2008-5394 CVE STATUS: Patched CVE SUMMARY: /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5394 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2011-0721 CVE STATUS: Patched CVE SUMMARY: Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0721 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2013-4235 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: Severity is low and marked as closed and won't fix. CVE SUMMARY: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4235 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2016-6252 CVE STATUS: Patched CVE SUMMARY: Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6252 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2017-12424 CVE STATUS: Patched CVE SUMMARY: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12424 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2017-20002 CVE STATUS: Patched CVE SUMMARY: The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-20002 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2018-16588 CVE STATUS: Patched CVE SUMMARY: Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16588 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2018-7169 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7169 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2019-16110 CVE STATUS: Patched CVE SUMMARY: The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16110 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2019-19882 CVE STATUS: Patched CVE SUMMARY: shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8). CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19882 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2023-29383 CVE STATUS: Patched CVE SUMMARY: In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29383 LAYER: meta-oe PACKAGE NAME: jansson PACKAGE VERSION: 2.14 CVE: CVE-2013-6401 CVE STATUS: Patched CVE SUMMARY: Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6401 LAYER: meta-oe PACKAGE NAME: jansson PACKAGE VERSION: 2.14 CVE: CVE-2016-4425 CVE STATUS: Patched CVE SUMMARY: Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4425 LAYER: meta-oe PACKAGE NAME: jansson PACKAGE VERSION: 2.14 CVE: CVE-2020-36325 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36325 LAYER: meta PACKAGE NAME: libuv PACKAGE VERSION: 1.48.0 CVE: CVE-2014-9748 CVE STATUS: Patched CVE SUMMARY: The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9748 LAYER: meta PACKAGE NAME: libuv PACKAGE VERSION: 1.48.0 CVE: CVE-2015-0278 CVE STATUS: Patched CVE SUMMARY: libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0278 LAYER: meta PACKAGE NAME: libuv PACKAGE VERSION: 1.48.0 CVE: CVE-2024-24806 CVE STATUS: Patched CVE SUMMARY: libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-24806 LAYER: meta PACKAGE NAME: libunwind PACKAGE VERSION: 1.6.2 CVE: CVE-2015-3239 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3239 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2017-2888 CVE STATUS: Patched CVE SUMMARY: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2888 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12216 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12216 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12217 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12217 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12218 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12218 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12219 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12219 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12220 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12220 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12221 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12221 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12222 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12222 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-13616 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13616 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-14906 CVE STATUS: Patched CVE SUMMARY: A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14906 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7572 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7572 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7573 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7573 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7574 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7574 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7575 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7575 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7576 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7576 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7577 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7577 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7578 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7578 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7635 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7635 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7636 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7636 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7637 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7637 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7638 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7638 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2020-14409 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14409 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2020-14410 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 5.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14410 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2021-33657 CVE STATUS: Patched CVE SUMMARY: There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33657 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2022-34568 CVE STATUS: Patched CVE SUMMARY: SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34568 LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2022-4743 CVE STATUS: Patched CVE SUMMARY: A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4743 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-4619 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4619 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-6277 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6277 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-6278 CVE STATUS: Patched CVE SUMMARY: Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6278 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-6279 CVE STATUS: Patched CVE SUMMARY: Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6279 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2014-8962 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8962 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2014-9028 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9028 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2017-6888 CVE STATUS: Patched CVE SUMMARY: An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6888 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2020-22219 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22219 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2008-0595 CVE STATUS: Patched CVE SUMMARY: dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0595 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2008-3834 CVE STATUS: Patched CVE SUMMARY: The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3834 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2008-4311 CVE STATUS: Patched CVE SUMMARY: The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4311 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2009-1189 CVE STATUS: Patched CVE SUMMARY: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1189 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2010-4352 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4352 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2011-2200 CVE STATUS: Patched CVE SUMMARY: The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2200 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2011-2533 CVE STATUS: Patched CVE SUMMARY: The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2533 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2012-3524 CVE STATUS: Patched CVE SUMMARY: libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus." CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3524 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2013-2168 CVE STATUS: Patched CVE SUMMARY: The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2168 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3477 CVE STATUS: Patched CVE SUMMARY: The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3477 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3532 CVE STATUS: Patched CVE SUMMARY: dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3532 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3533 CVE STATUS: Patched CVE SUMMARY: dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3533 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3635 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3635 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3636 CVE STATUS: Patched CVE SUMMARY: D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3636 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3637 CVE STATUS: Patched CVE SUMMARY: D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3637 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3638 CVE STATUS: Patched CVE SUMMARY: The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3638 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3639 CVE STATUS: Patched CVE SUMMARY: The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3639 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-7824 CVE STATUS: Patched CVE SUMMARY: D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7824 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2015-0245 CVE STATUS: Patched CVE SUMMARY: D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0245 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2019-12749 CVE STATUS: Patched CVE SUMMARY: dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12749 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2020-12049 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12049 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2020-35512 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35512 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2022-42010 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42010 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2022-42011 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42011 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2022-42012 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42012 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2023-34969 CVE STATUS: Patched CVE SUMMARY: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34969 LAYER: meta PACKAGE NAME: acl PACKAGE VERSION: 2.3.2 CVE: CVE-2009-4411 CVE STATUS: Patched CVE SUMMARY: The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4411 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0691 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0692 CVE STATUS: Patched CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0693 CVE STATUS: Patched CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2005-0627 CVE STATUS: Patched CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2006-4811 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-0242 CVE STATUS: Patched CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-3388 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-4137 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2009-2700 CVE STATUS: Patched CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-1766 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-2621 CVE STATUS: Patched CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-5076 CVE STATUS: Patched CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3194 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-5624 CVE STATUS: Patched CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-6093 CVE STATUS: Patched CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-0254 CVE STATUS: Patched CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-4549 CVE STATUS: Patched CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2014-0190 CVE STATUS: Patched CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-0295 CVE STATUS: Patched CVE SUMMARY: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1290 CVE STATUS: Patched CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1858 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1859 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1860 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-7298 CVE STATUS: Patched CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-9541 CVE STATUS: Patched CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10904 CVE STATUS: Patched CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10905 CVE STATUS: Patched CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-15011 CVE STATUS: Patched CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-15518 CVE STATUS: Patched CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19865 CVE STATUS: Patched CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19869 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19870 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19871 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19872 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19873 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-21035 CVE STATUS: Patched CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0569 CVE STATUS: Patched CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0570 CVE STATUS: Patched CVE SUMMARY: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-12267 CVE STATUS: Patched CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-13962 CVE STATUS: Patched CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-17507 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-24742 CVE STATUS: Patched CVE SUMMARY: An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-28025 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-3481 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-38593 CVE STATUS: Patched CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25255 CVE STATUS: Patched CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25634 CVE STATUS: Patched CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-40983 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-43591 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-24607 CVE STATUS: Patched CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-33285 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2025-30348 CVE STATUS: Unpatched CVE SUMMARY: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-30348 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2002-1170 CVE STATUS: Patched CVE SUMMARY: The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1170 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2003-0935 CVE STATUS: Patched CVE SUMMARY: Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0935 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2005-1740 CVE STATUS: Patched CVE SUMMARY: fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1740 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2005-2177 CVE STATUS: Patched CVE SUMMARY: Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2177 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2005-2811 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2811 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2005-4837 CVE STATUS: Patched CVE SUMMARY: snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4837 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2006-6305 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6305 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2007-5846 CVE STATUS: Patched CVE SUMMARY: The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5846 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2008-2292 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2292 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2008-4309 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4309 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2008-6123 CVE STATUS: Patched CVE SUMMARY: The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6123 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2009-1887 CVE STATUS: Patched CVE SUMMARY: agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1887 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2012-2141 CVE STATUS: Patched CVE SUMMARY: Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2141 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2012-6151 CVE STATUS: Patched CVE SUMMARY: Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6151 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2014-2284 CVE STATUS: Patched CVE SUMMARY: The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2284 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2014-2285 CVE STATUS: Patched CVE SUMMARY: The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2285 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2014-2310 CVE STATUS: Patched CVE SUMMARY: The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2310 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2014-3565 CVE STATUS: Patched CVE SUMMARY: snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3565 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2015-5621 CVE STATUS: Patched CVE SUMMARY: The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5621 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2015-8100 CVE STATUS: Patched CVE SUMMARY: The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8100 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2018-1000116 CVE STATUS: Patched CVE SUMMARY: NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000116 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2018-18065 CVE STATUS: Patched CVE SUMMARY: _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18065 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2018-18066 CVE STATUS: Patched CVE SUMMARY: snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18066 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2019-20892 CVE STATUS: Patched CVE SUMMARY: net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20892 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2020-15861 CVE STATUS: Patched CVE SUMMARY: Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15861 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2020-15862 CVE STATUS: Patched CVE SUMMARY: Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15862 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2022-24805 CVE STATUS: Patched CVE SUMMARY: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24805 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2022-24806 CVE STATUS: Patched CVE SUMMARY: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24806 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2022-24807 CVE STATUS: Patched CVE SUMMARY: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24807 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2022-24808 CVE STATUS: Patched CVE SUMMARY: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24808 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2022-24809 CVE STATUS: Patched CVE SUMMARY: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24809 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2022-24810 CVE STATUS: Patched CVE SUMMARY: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24810 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2022-44792 CVE STATUS: Patched CVE SUMMARY: handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44792 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2022-44793 CVE STATUS: Patched CVE SUMMARY: handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44793 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2007-0998 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: The VNC server can expose host files uder some circumstances. We don't enable it by default. CVE SUMMARY: The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0998 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2007-1320 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1320 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2007-1321 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1321 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2007-1322 CVE STATUS: Patched CVE SUMMARY: QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1322 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2007-1366 CVE STATUS: Patched CVE SUMMARY: QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1366 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2007-5729 CVE STATUS: Patched CVE SUMMARY: The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5729 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2007-5730 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5730 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2007-6227 CVE STATUS: Patched CVE SUMMARY: QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6227 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2008-0928 CVE STATUS: Patched CVE SUMMARY: Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0928 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2008-1945 CVE STATUS: Patched CVE SUMMARY: QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1945 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2008-2004 CVE STATUS: Patched CVE SUMMARY: The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2004 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2008-2382 CVE STATUS: Patched CVE SUMMARY: The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2382 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2008-4539 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4539 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2008-4553 CVE STATUS: Patched CVE SUMMARY: qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4553 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2008-5714 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5714 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2009-3616 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 9.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3616 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2010-0297 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0297 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2011-0011 CVE STATUS: Patched CVE SUMMARY: qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0011 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2011-1750 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned. CVSS v2 BASE SCORE: 7.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1750 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2011-1751 CVE STATUS: Patched CVE SUMMARY: The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers." CVSS v2 BASE SCORE: 7.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1751 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2011-2212 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests." CVSS v2 BASE SCORE: 7.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2212 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2011-2527 CVE STATUS: Patched CVE SUMMARY: The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2527 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2011-3346 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3346 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2011-4111 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4111 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2012-2652 CVE STATUS: Patched CVE SUMMARY: The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2652 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2012-3515 CVE STATUS: Patched CVE SUMMARY: Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3515 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2012-6075 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6075 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-2007 CVE STATUS: Patched CVE SUMMARY: The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2007 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-2016 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2016 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4148 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4148 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4149 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4149 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4150 CVE STATUS: Patched CVE SUMMARY: The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4150 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4151 CVE STATUS: Patched CVE SUMMARY: The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4151 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4344 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4344 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4375 CVE STATUS: Patched CVE SUMMARY: The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4375 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4377 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device. CVSS v2 BASE SCORE: 2.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4377 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4526 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4526 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4527 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4527 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4529 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4529 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4530 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4530 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4531 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4531 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4532 CVE STATUS: Patched CVE SUMMARY: Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4532 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4533 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4533 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4534 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4534 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4535 CVE STATUS: Patched CVE SUMMARY: The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4535 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4536 CVE STATUS: Patched CVE SUMMARY: An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4536 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4537 CVE STATUS: Patched CVE SUMMARY: The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4537 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4538 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4538 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4539 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4539 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4540 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4540 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4541 CVE STATUS: Patched CVE SUMMARY: The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4541 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4542 CVE STATUS: Patched CVE SUMMARY: The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4542 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-4544 CVE STATUS: Patched CVE SUMMARY: hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4544 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2013-6399 CVE STATUS: Patched CVE SUMMARY: Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6399 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0142 CVE STATUS: Patched CVE SUMMARY: QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0142 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0143 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0143 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0144 CVE STATUS: Patched CVE SUMMARY: QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0144 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0145 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c). CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0145 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0146 CVE STATUS: Patched CVE SUMMARY: The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0146 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0147 CVE STATUS: Patched CVE SUMMARY: Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0147 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0148 CVE STATUS: Patched CVE SUMMARY: Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0148 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0150 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0150 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0182 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0182 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0222 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0222 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-0223 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0223 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-2894 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2894 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-3461 CVE STATUS: Patched CVE SUMMARY: hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3461 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-3471 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3471 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-3615 CVE STATUS: Patched CVE SUMMARY: The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3615 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-3640 CVE STATUS: Patched CVE SUMMARY: The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3640 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-3689 CVE STATUS: Patched CVE SUMMARY: The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3689 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-5263 CVE STATUS: Patched CVE SUMMARY: vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5263 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-5388 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5388 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-7815 CVE STATUS: Patched CVE SUMMARY: The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7815 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-7840 CVE STATUS: Patched CVE SUMMARY: The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7840 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-8106 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8106 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2014-9718 CVE STATUS: Patched CVE SUMMARY: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9718 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-1779 CVE STATUS: Patched CVE SUMMARY: The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1779 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-3209 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3209 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-3214 CVE STATUS: Patched CVE SUMMARY: The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3214 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-3456 CVE STATUS: Patched CVE SUMMARY: The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. CVSS v2 BASE SCORE: 7.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3456 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-4037 CVE STATUS: Patched CVE SUMMARY: The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4037 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-4106 CVE STATUS: Patched CVE SUMMARY: QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4106 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-5154 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5154 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-5158 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5158 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-5225 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5225 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-5239 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5239 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-5278 CVE STATUS: Patched CVE SUMMARY: The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5278 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-5279 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5279 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-5745 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5745 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-6815 CVE STATUS: Patched CVE SUMMARY: The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 3.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6815 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-6855 CVE STATUS: Patched CVE SUMMARY: hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6855 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-7295 CVE STATUS: Patched CVE SUMMARY: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7295 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-7504 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7504 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-7512 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7512 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-7549 CVE STATUS: Patched CVE SUMMARY: The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7549 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8345 CVE STATUS: Patched CVE SUMMARY: The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8345 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8504 CVE STATUS: Patched CVE SUMMARY: Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8504 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8556 CVE STATUS: Patched CVE SUMMARY: Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 10.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8556 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8558 CVE STATUS: Patched CVE SUMMARY: The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8558 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8567 CVE STATUS: Patched CVE SUMMARY: Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8567 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8568 CVE STATUS: Patched CVE SUMMARY: Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8568 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8613 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8613 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8619 CVE STATUS: Patched CVE SUMMARY: The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8619 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8666 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 7.9 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8666 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8701 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8701 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8743 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8743 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8744 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8744 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8745 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8745 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8817 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8817 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-8818 CVE STATUS: Patched CVE SUMMARY: The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8818 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-10028 CVE STATUS: Patched CVE SUMMARY: The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10028 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-10029 CVE STATUS: Patched CVE SUMMARY: The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10029 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-10155 CVE STATUS: Patched CVE SUMMARY: Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10155 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-1568 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1568 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-1714 CVE STATUS: Patched CVE SUMMARY: The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1714 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-1922 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1922 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-1981 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1981 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-2197 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2197 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-2198 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2198 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-2391 CVE STATUS: Patched CVE SUMMARY: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2391 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-2392 CVE STATUS: Patched CVE SUMMARY: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2392 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-2538 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2538 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-2841 CVE STATUS: Patched CVE SUMMARY: The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2841 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-2857 CVE STATUS: Patched CVE SUMMARY: The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 8.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2857 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-2858 CVE STATUS: Patched CVE SUMMARY: QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2858 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-3710 CVE STATUS: Patched CVE SUMMARY: The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3710 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-3712 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3712 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-4001 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4001 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-4002 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4002 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-4020 CVE STATUS: Patched CVE SUMMARY: The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4020 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-4037 CVE STATUS: Patched CVE SUMMARY: The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4037 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-4439 CVE STATUS: Patched CVE SUMMARY: The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4439 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-4441 CVE STATUS: Patched CVE SUMMARY: The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4441 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-4453 CVE STATUS: Patched CVE SUMMARY: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4453 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-4454 CVE STATUS: Patched CVE SUMMARY: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4454 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-4952 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4952 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-4964 CVE STATUS: Patched CVE SUMMARY: The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4964 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-5105 CVE STATUS: Patched CVE SUMMARY: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5105 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-5106 CVE STATUS: Patched CVE SUMMARY: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5106 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-5107 CVE STATUS: Patched CVE SUMMARY: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5107 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-5126 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5126 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-5238 CVE STATUS: Patched CVE SUMMARY: The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5238 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-5337 CVE STATUS: Patched CVE SUMMARY: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5337 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-5338 CVE STATUS: Patched CVE SUMMARY: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5338 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-5403 CVE STATUS: Patched CVE SUMMARY: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5403 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-6351 CVE STATUS: Patched CVE SUMMARY: The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 6.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6351 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-6490 CVE STATUS: Patched CVE SUMMARY: The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6490 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-6833 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6833 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-6834 CVE STATUS: Patched CVE SUMMARY: The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6834 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-6835 CVE STATUS: Patched CVE SUMMARY: The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6835 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-6836 CVE STATUS: Patched CVE SUMMARY: The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6836 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-6888 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6888 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7116 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7116 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7155 CVE STATUS: Patched CVE SUMMARY: hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7155 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7156 CVE STATUS: Patched CVE SUMMARY: The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7156 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7157 CVE STATUS: Patched CVE SUMMARY: The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7157 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7161 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7161 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7170 CVE STATUS: Patched CVE SUMMARY: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7170 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7421 CVE STATUS: Patched CVE SUMMARY: The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7421 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7422 CVE STATUS: Patched CVE SUMMARY: The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7422 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7423 CVE STATUS: Patched CVE SUMMARY: The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7423 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7466 CVE STATUS: Patched CVE SUMMARY: Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7466 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7907 CVE STATUS: Patched CVE SUMMARY: The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7907 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7908 CVE STATUS: Patched CVE SUMMARY: The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7908 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7909 CVE STATUS: Patched CVE SUMMARY: The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7909 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7994 CVE STATUS: Patched CVE SUMMARY: Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7994 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-7995 CVE STATUS: Patched CVE SUMMARY: Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7995 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-8576 CVE STATUS: Patched CVE SUMMARY: The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8576 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-8577 CVE STATUS: Patched CVE SUMMARY: Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8577 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-8578 CVE STATUS: Patched CVE SUMMARY: The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8578 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-8667 CVE STATUS: Patched CVE SUMMARY: The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8667 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-8668 CVE STATUS: Patched CVE SUMMARY: The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8668 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-8669 CVE STATUS: Patched CVE SUMMARY: The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8669 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-8909 CVE STATUS: Patched CVE SUMMARY: The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8909 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-8910 CVE STATUS: Patched CVE SUMMARY: The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8910 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9101 CVE STATUS: Patched CVE SUMMARY: Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9101 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9102 CVE STATUS: Patched CVE SUMMARY: Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9102 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9103 CVE STATUS: Patched CVE SUMMARY: The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9103 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9104 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9104 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9105 CVE STATUS: Patched CVE SUMMARY: Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9105 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9106 CVE STATUS: Patched CVE SUMMARY: Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9106 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9381 CVE STATUS: Patched CVE SUMMARY: Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9381 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9602 CVE STATUS: Patched CVE SUMMARY: Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 7.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9602 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9603 CVE STATUS: Patched CVE SUMMARY: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9603 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9776 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9776 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9845 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9845 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9846 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9846 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9907 CVE STATUS: Patched CVE SUMMARY: Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9907 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9908 CVE STATUS: Patched CVE SUMMARY: Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9908 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9911 CVE STATUS: Patched CVE SUMMARY: Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9911 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9912 CVE STATUS: Patched CVE SUMMARY: Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9912 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9913 CVE STATUS: Patched CVE SUMMARY: Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9913 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9914 CVE STATUS: Patched CVE SUMMARY: Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9914 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9915 CVE STATUS: Patched CVE SUMMARY: Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9915 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9916 CVE STATUS: Patched CVE SUMMARY: Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9916 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9921 CVE STATUS: Patched CVE SUMMARY: Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9921 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9922 CVE STATUS: Patched CVE SUMMARY: The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9922 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2016-9923 CVE STATUS: Patched CVE SUMMARY: Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9923 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-10664 CVE STATUS: Patched CVE SUMMARY: qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10664 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-10806 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10806 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-11334 CVE STATUS: Patched CVE SUMMARY: The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11334 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-11434 CVE STATUS: Patched CVE SUMMARY: The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11434 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-12809 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12809 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-13672 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13672 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-13673 CVE STATUS: Patched CVE SUMMARY: The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13673 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-13711 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13711 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-14167 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14167 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-15038 CVE STATUS: Patched CVE SUMMARY: Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15038 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-15118 CVE STATUS: Patched CVE SUMMARY: A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15118 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-15119 CVE STATUS: Patched CVE SUMMARY: The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15119 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-15124 CVE STATUS: Patched CVE SUMMARY: VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15124 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-15268 CVE STATUS: Patched CVE SUMMARY: Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15268 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-15289 CVE STATUS: Patched CVE SUMMARY: The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15289 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-16845 CVE STATUS: Patched CVE SUMMARY: hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 10.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16845 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-17381 CVE STATUS: Patched CVE SUMMARY: The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17381 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-18030 CVE STATUS: Patched CVE SUMMARY: The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18030 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-18043 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18043 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-2615 CVE STATUS: Patched CVE SUMMARY: Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2615 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-2620 CVE STATUS: Patched CVE SUMMARY: Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2620 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-2630 CVE STATUS: Patched CVE SUMMARY: A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2630 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-2633 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2633 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5525 CVE STATUS: Patched CVE SUMMARY: Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5525 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5526 CVE STATUS: Patched CVE SUMMARY: Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5526 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5552 CVE STATUS: Patched CVE SUMMARY: Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5552 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5578 CVE STATUS: Patched CVE SUMMARY: Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5578 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5579 CVE STATUS: Patched CVE SUMMARY: Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5579 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5667 CVE STATUS: Patched CVE SUMMARY: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5667 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5856 CVE STATUS: Patched CVE SUMMARY: Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5856 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5857 CVE STATUS: Patched CVE SUMMARY: Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5857 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5898 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5898 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5931 CVE STATUS: Patched CVE SUMMARY: Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5931 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5973 CVE STATUS: Patched CVE SUMMARY: The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5973 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-5987 CVE STATUS: Patched CVE SUMMARY: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5987 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-6058 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6058 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-6505 CVE STATUS: Patched CVE SUMMARY: The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6505 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-7377 CVE STATUS: Patched CVE SUMMARY: The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7377 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-7471 CVE STATUS: Patched CVE SUMMARY: Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. CVSS v2 BASE SCORE: 7.7 CVSS v3 BASE SCORE: 9.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7471 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-7493 CVE STATUS: Patched CVE SUMMARY: Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7493 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-7539 CVE STATUS: Patched CVE SUMMARY: An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7539 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-7718 CVE STATUS: Patched CVE SUMMARY: hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7718 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-7980 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7980 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-8086 CVE STATUS: Patched CVE SUMMARY: Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8086 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-8112 CVE STATUS: Patched CVE SUMMARY: hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8112 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-8284 CVE STATUS: Patched CVE SUMMARY: The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8284 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-8309 CVE STATUS: Patched CVE SUMMARY: Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8309 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-8379 CVE STATUS: Patched CVE SUMMARY: Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8379 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-8380 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8380 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-9060 CVE STATUS: Patched CVE SUMMARY: Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9060 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-9310 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9310 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-9330 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9330 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-9373 CVE STATUS: Patched CVE SUMMARY: Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9373 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-9374 CVE STATUS: Patched CVE SUMMARY: Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9374 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-9375 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9375 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-9503 CVE STATUS: Patched CVE SUMMARY: QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9503 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2017-9524 CVE STATUS: Patched CVE SUMMARY: The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9524 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-10839 CVE STATUS: Patched CVE SUMMARY: Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10839 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-11806 CVE STATUS: Patched CVE SUMMARY: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11806 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-12617 CVE STATUS: Patched CVE SUMMARY: qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12617 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-15746 CVE STATUS: Patched CVE SUMMARY: qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15746 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-16847 CVE STATUS: Patched CVE SUMMARY: An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16847 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-16867 CVE STATUS: Patched CVE SUMMARY: A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16867 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-16872 CVE STATUS: Patched CVE SUMMARY: A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16872 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-17958 CVE STATUS: Patched CVE SUMMARY: Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17958 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-17962 CVE STATUS: Patched CVE SUMMARY: Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17962 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-17963 CVE STATUS: Patched CVE SUMMARY: qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17963 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-18438 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: The issues identified by this CVE were determined to not constitute a vulnerability. CVE SUMMARY: Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18438 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-18849 CVE STATUS: Patched CVE SUMMARY: In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18849 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-18954 CVE STATUS: Patched CVE SUMMARY: The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18954 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-19364 CVE STATUS: Patched CVE SUMMARY: hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19364 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-19489 CVE STATUS: Patched CVE SUMMARY: v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19489 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-19665 CVE STATUS: Patched CVE SUMMARY: The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19665 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-20123 CVE STATUS: Patched CVE SUMMARY: pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20123 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-20124 CVE STATUS: Patched CVE SUMMARY: hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20124 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-20125 CVE STATUS: Patched CVE SUMMARY: hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20125 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-20126 CVE STATUS: Patched CVE SUMMARY: hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20126 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-20191 CVE STATUS: Patched CVE SUMMARY: hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20191 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-20216 CVE STATUS: Patched CVE SUMMARY: QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20216 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-20815 CVE STATUS: Patched CVE SUMMARY: In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20815 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-5683 CVE STATUS: Patched CVE SUMMARY: The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5683 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-7550 CVE STATUS: Patched CVE SUMMARY: The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7550 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2018-7858 CVE STATUS: Patched CVE SUMMARY: Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7858 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-12067 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can still be reproduced or where exactly any bug is. We'll pick up any fix when upstream accepts one. CVE SUMMARY: The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12067 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-12068 CVE STATUS: Patched CVE SUMMARY: In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12068 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-12155 CVE STATUS: Patched CVE SUMMARY: interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12155 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-12247 CVE STATUS: Patched CVE SUMMARY: QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12247 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-12928 CVE STATUS: Patched CVE SUMMARY: The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12928 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-12929 CVE STATUS: Patched CVE SUMMARY: The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12929 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-13164 CVE STATUS: Patched CVE SUMMARY: qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13164 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-15034 CVE STATUS: Patched CVE SUMMARY: hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 5.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15034 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-15890 CVE STATUS: Patched CVE SUMMARY: libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15890 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-20175 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20175 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-20382 CVE STATUS: Patched CVE SUMMARY: QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 3.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20382 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-20808 CVE STATUS: Patched CVE SUMMARY: In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20808 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-3812 CVE STATUS: Patched CVE SUMMARY: QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3812 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-5008 CVE STATUS: Patched CVE SUMMARY: hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5008 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-6501 CVE STATUS: Patched CVE SUMMARY: In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6501 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-6778 CVE STATUS: Patched CVE SUMMARY: In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6778 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-8934 CVE STATUS: Patched CVE SUMMARY: hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8934 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2019-9824 CVE STATUS: Patched CVE SUMMARY: tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9824 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-10702 CVE STATUS: Patched CVE SUMMARY: A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10702 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-10717 CVE STATUS: Patched CVE SUMMARY: A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10717 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-10761 CVE STATUS: Patched CVE SUMMARY: An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10761 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-11102 CVE STATUS: Patched CVE SUMMARY: hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11102 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-11869 CVE STATUS: Patched CVE SUMMARY: An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11869 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-11947 CVE STATUS: Patched CVE SUMMARY: iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11947 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-12829 CVE STATUS: Patched CVE SUMMARY: In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12829 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-13253 CVE STATUS: Patched CVE SUMMARY: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13253 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-13361 CVE STATUS: Patched CVE SUMMARY: In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 3.9 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13361 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-13362 CVE STATUS: Patched CVE SUMMARY: In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13362 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-13659 CVE STATUS: Patched CVE SUMMARY: address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 2.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13659 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-13754 CVE STATUS: Patched CVE SUMMARY: hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13754 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-13765 CVE STATUS: Patched CVE SUMMARY: rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13765 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-13791 CVE STATUS: Patched CVE SUMMARY: hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13791 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-13800 CVE STATUS: Patched CVE SUMMARY: ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13800 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-14364 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14364 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-14394 CVE STATUS: Patched CVE SUMMARY: An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14394 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-14415 CVE STATUS: Patched CVE SUMMARY: oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14415 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-15469 CVE STATUS: Patched CVE SUMMARY: In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 2.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15469 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-15859 CVE STATUS: Patched CVE SUMMARY: QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15859 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-15863 CVE STATUS: Patched CVE SUMMARY: hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15863 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-16092 CVE STATUS: Patched CVE SUMMARY: In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16092 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-1711 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 7.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1711 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-17380 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17380 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-24165 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24165 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-24352 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24352 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-25084 CVE STATUS: Patched CVE SUMMARY: QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25084 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-25085 CVE STATUS: Patched CVE SUMMARY: QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25085 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-25624 CVE STATUS: Patched CVE SUMMARY: hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25624 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-25625 CVE STATUS: Patched CVE SUMMARY: hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25625 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-25723 CVE STATUS: Patched CVE SUMMARY: A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25723 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-25741 CVE STATUS: Patched CVE SUMMARY: fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25741 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-25742 CVE STATUS: Patched CVE SUMMARY: pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25742 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-25743 CVE STATUS: Patched CVE SUMMARY: hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25743 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-27616 CVE STATUS: Patched CVE SUMMARY: ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27616 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-27617 CVE STATUS: Patched CVE SUMMARY: eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27617 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-27661 CVE STATUS: Patched CVE SUMMARY: A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27661 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-27821 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27821 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-28916 CVE STATUS: Patched CVE SUMMARY: hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28916 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-29443 CVE STATUS: Patched CVE SUMMARY: ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 3.9 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29443 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-35503 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35503 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-35504 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35504 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-35505 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35505 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-35506 CVE STATUS: Patched CVE SUMMARY: A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35506 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-35517 CVE STATUS: Patched CVE SUMMARY: A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35517 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-7039 CVE STATUS: Patched CVE SUMMARY: tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7039 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2020-7211 CVE STATUS: Patched CVE SUMMARY: tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7211 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-20181 CVE STATUS: Patched CVE SUMMARY: A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20181 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-20196 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20196 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-20203 CVE STATUS: Patched CVE SUMMARY: An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20203 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-20221 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20221 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-20255 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html qemu maintainers say the patch is incorrect and should not be applied The issue is of low impact, at worst sitting in an infinite loop rather than exploitable. CVE SUMMARY: A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20255 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-20257 CVE STATUS: Patched CVE SUMMARY: An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20257 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-20263 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20263 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-20295 CVE STATUS: Patched CVE SUMMARY: It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20295 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3392 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3392 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3409 CVE STATUS: Patched CVE SUMMARY: The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3409 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3416 CVE STATUS: Patched CVE SUMMARY: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3416 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3507 CVE STATUS: Patched CVE SUMMARY: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3507 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3527 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3527 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3544 CVE STATUS: Patched CVE SUMMARY: Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3544 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3545 CVE STATUS: Patched CVE SUMMARY: An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3545 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3546 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3546 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3582 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3582 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3607 CVE STATUS: Patched CVE SUMMARY: An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3607 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3608 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3608 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3611 CVE STATUS: Patched CVE SUMMARY: A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3611 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3638 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3638 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3682 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 8.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3682 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3713 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3713 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3735 CVE STATUS: Patched CVE SUMMARY: A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3735 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3748 CVE STATUS: Patched CVE SUMMARY: A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3748 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3750 CVE STATUS: Patched CVE SUMMARY: A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3750 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3929 CVE STATUS: Patched CVE SUMMARY: A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3929 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3930 CVE STATUS: Patched CVE SUMMARY: An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3930 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-3947 CVE STATUS: Patched CVE SUMMARY: A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3947 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-4145 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4145 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-4158 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4158 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-4206 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4206 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2021-4207 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4207 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-0216 CVE STATUS: Patched CVE SUMMARY: A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0216 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-0358 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0358 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-1050 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1050 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-26353 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26353 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-26354 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26354 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-2962 CVE STATUS: Patched CVE SUMMARY: A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2962 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-3165 CVE STATUS: Patched CVE SUMMARY: An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3165 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-35414 CVE STATUS: Patched CVE SUMMARY: softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35414 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-36648 CVE STATUS: Patched CVE SUMMARY: The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 10.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-36648 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-3872 CVE STATUS: Patched CVE SUMMARY: An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3872 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-4144 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4144 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2022-4172 CVE STATUS: Patched CVE SUMMARY: An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4172 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-0330 CVE STATUS: Patched CVE SUMMARY: A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0330 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-0664 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0664 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-1386 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1386 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-1544 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1544 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-2680 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: RHEL specific issue. CVE SUMMARY: This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2680 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-2861 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2861 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-3019 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Applies only against versions before 8.2.0 CVE SUMMARY: A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3019 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-3180 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3180 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-3255 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3255 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-3301 CVE STATUS: Patched CVE SUMMARY: A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3301 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-3354 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3354 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-40360 CVE STATUS: Patched CVE SUMMARY: QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40360 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-4135 CVE STATUS: Patched CVE SUMMARY: A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4135 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-42467 CVE STATUS: Patched CVE SUMMARY: QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-42467 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-5088 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Applies only against version 8.2.0 and earlier CVE SUMMARY: A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5088 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-6683 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Applies only against version 8.2.1 and earlier CVE SUMMARY: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6683 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-6693 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Applies only against version 8.2.0 and earlier CVE SUMMARY: A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.9 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6693 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2024-26327 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-26327 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2024-26328 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-26328 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2024-3567 CVE STATUS: Patched CVE SUMMARY: A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-3567 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2024-6505 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: this CVE is fixed since 9.1.0 CVE SUMMARY: A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-6505 LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2024-8354 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-8354 LAYER: meta PACKAGE NAME: libxrandr PACKAGE VERSION: 1_1.5.4 CVE: CVE-2013-1986 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1986 LAYER: meta PACKAGE NAME: libxrandr PACKAGE VERSION: 1_1.5.4 CVE: CVE-2016-7947 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7947 LAYER: meta PACKAGE NAME: libxrandr PACKAGE VERSION: 1_1.5.4 CVE: CVE-2016-7948 CVE STATUS: Patched CVE SUMMARY: X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7948 LAYER: meta-tpm PACKAGE NAME: swtpm PACKAGE VERSION: 1_0.8.1 CVE: CVE-2020-28407 CVE STATUS: Patched CVE SUMMARY: In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28407 LAYER: meta-tpm PACKAGE NAME: swtpm PACKAGE VERSION: 1_0.8.1 CVE: CVE-2022-23645 CVE STATUS: Patched CVE SUMMARY: swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23645 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1098 CVE STATUS: Patched CVE SUMMARY: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1098 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1154 CVE STATUS: Patched CVE SUMMARY: The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1154 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1155 CVE STATUS: Patched CVE SUMMARY: The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1155 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1548 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used CVE SUMMARY: The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1548 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1549 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used CVE SUMMARY: The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1549 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1550 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used CVE SUMMARY: The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1550 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2022-1348 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1348 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2012-2320 CVE STATUS: Patched CVE SUMMARY: ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2320 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2012-2321 CVE STATUS: Patched CVE SUMMARY: The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2321 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2012-2322 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2322 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2012-6459 CVE STATUS: Patched CVE SUMMARY: ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6459 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2017-12865 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12865 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2021-26675 CVE STATUS: Patched CVE SUMMARY: A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26675 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2021-26676 CVE STATUS: Patched CVE SUMMARY: gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26676 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2021-33833 CVE STATUS: Patched CVE SUMMARY: ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33833 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2022-23096 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23096 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2022-23097 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23097 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2022-23098 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23098 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2022-32292 CVE STATUS: Patched CVE SUMMARY: In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32292 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2022-32293 CVE STATUS: Patched CVE SUMMARY: In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32293 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2023-28488 CVE STATUS: Patched CVE SUMMARY: client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28488 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2011-1935 CVE STATUS: Patched CVE SUMMARY: pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1935 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2019-15161 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15161 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2019-15162 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15162 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2019-15163 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15163 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2019-15164 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15164 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2019-15165 CVE STATUS: Patched CVE SUMMARY: sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15165 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2023-7256 CVE STATUS: Patched CVE SUMMARY: In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-7256 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2024-8006 CVE STATUS: Patched CVE SUMMARY: Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-8006 LAYER: meta PACKAGE NAME: librepo PACKAGE VERSION: 1.17.0 CVE: CVE-2020-14352 CVE STATUS: Patched CVE SUMMARY: A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 8.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14352 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2005-4048 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4048 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2006-4800 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4800 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2008-3162 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3162 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2008-4866 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4866 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2008-4867 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4867 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2008-4868 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4868 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2008-4869 CVE STATUS: Patched CVE SUMMARY: FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4869 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-0385 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0385 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-4631 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4631 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-4632 CVE STATUS: Patched CVE SUMMARY: oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4632 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-4633 CVE STATUS: Patched CVE SUMMARY: vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4633 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-4634 CVE STATUS: Patched CVE SUMMARY: Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4634 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-4635 CVE STATUS: Patched CVE SUMMARY: FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4635 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-4636 CVE STATUS: Patched CVE SUMMARY: FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4636 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-4637 CVE STATUS: Patched CVE SUMMARY: FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4637 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-4638 CVE STATUS: Patched CVE SUMMARY: Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4638 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-4639 CVE STATUS: Patched CVE SUMMARY: The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4639 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2009-4640 CVE STATUS: Patched CVE SUMMARY: Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4640 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2010-3429 CVE STATUS: Patched CVE SUMMARY: flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3429 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2010-3908 CVE STATUS: Patched CVE SUMMARY: FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3908 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2010-4704 CVE STATUS: Patched CVE SUMMARY: libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4704 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2010-4705 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4705 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-0722 CVE STATUS: Patched CVE SUMMARY: FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0722 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-0723 CVE STATUS: Patched CVE SUMMARY: FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0723 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-1931 CVE STATUS: Patched CVE SUMMARY: sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1931 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-2160 CVE STATUS: Patched CVE SUMMARY: The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2160 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-2161 CVE STATUS: Patched CVE SUMMARY: The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2161 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-2162 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2162 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3362 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3362 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3504 CVE STATUS: Patched CVE SUMMARY: The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3504 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3929 CVE STATUS: Patched CVE SUMMARY: The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3929 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3934 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3934 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3935 CVE STATUS: Patched CVE SUMMARY: The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3935 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3936 CVE STATUS: Patched CVE SUMMARY: The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3936 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3937 CVE STATUS: Patched CVE SUMMARY: The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3937 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3940 CVE STATUS: Patched CVE SUMMARY: nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams." CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3940 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3941 CVE STATUS: Patched CVE SUMMARY: The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3941 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3944 CVE STATUS: Patched CVE SUMMARY: The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3944 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3945 CVE STATUS: Patched CVE SUMMARY: The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3945 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3946 CVE STATUS: Patched CVE SUMMARY: The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3946 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3947 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3947 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3949 CVE STATUS: Patched CVE SUMMARY: The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3949 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3950 CVE STATUS: Patched CVE SUMMARY: The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3950 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3951 CVE STATUS: Patched CVE SUMMARY: The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3951 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3952 CVE STATUS: Patched CVE SUMMARY: The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3952 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3973 CVE STATUS: Patched CVE SUMMARY: cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3973 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-3974 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3974 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-4031 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4031 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-4351 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4351 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-4352 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4352 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-4353 CVE STATUS: Patched CVE SUMMARY: The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4353 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-4364 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4364 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2011-4579 CVE STATUS: Patched CVE SUMMARY: The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4579 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0847 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0847 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0848 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0848 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0849 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0849 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0850 CVE STATUS: Patched CVE SUMMARY: The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0850 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0851 CVE STATUS: Patched CVE SUMMARY: The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0851 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0852 CVE STATUS: Patched CVE SUMMARY: The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0852 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0853 CVE STATUS: Patched CVE SUMMARY: The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0853 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0854 CVE STATUS: Patched CVE SUMMARY: The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0854 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0855 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0855 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0856 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0856 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0857 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0857 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0858 CVE STATUS: Patched CVE SUMMARY: The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free". CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0858 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-0859 CVE STATUS: Patched CVE SUMMARY: The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0859 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2771 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2771 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2772 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame threading." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2772 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2773 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2773 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2774 CVE STATUS: Patched CVE SUMMARY: The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "a frame outside SETUP state." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2774 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2775 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2775 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2776 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2776 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2777 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2777 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2778 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2778 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2779 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2779 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2780 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2780 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2781 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2781 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2782 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a "rejected resolution change." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2782 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2783 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2783 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2784 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2784 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2785 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2785 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2786 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2786 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2787 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2787 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2788 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2788 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2789 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs). CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2789 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2790 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2790 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2791 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2791 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2792 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2792 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2793 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2793 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2794 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2794 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2795 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2795 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2796 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2796 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2797 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2797 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2798 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2798 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2799 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2799 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2800 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2800 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2801 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2801 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2802 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2802 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2803 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2803 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2804 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2804 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-2805 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2805 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-5359 CVE STATUS: Patched CVE SUMMARY: Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5359 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-5360 CVE STATUS: Patched CVE SUMMARY: Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5360 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-5361 CVE STATUS: Patched CVE SUMMARY: Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5361 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-6615 CVE STATUS: Patched CVE SUMMARY: The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6615 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-6616 CVE STATUS: Patched CVE SUMMARY: The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6616 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-6617 CVE STATUS: Patched CVE SUMMARY: The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6617 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2012-6618 CVE STATUS: Patched CVE SUMMARY: The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate." CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6618 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0844 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0844 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0845 CVE STATUS: Patched CVE SUMMARY: libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0845 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0846 CVE STATUS: Patched CVE SUMMARY: Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0846 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0847 CVE STATUS: Patched CVE SUMMARY: The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0847 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0848 CVE STATUS: Patched CVE SUMMARY: The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0848 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0849 CVE STATUS: Patched CVE SUMMARY: The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0849 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0850 CVE STATUS: Patched CVE SUMMARY: The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0850 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0851 CVE STATUS: Patched CVE SUMMARY: The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0851 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0852 CVE STATUS: Patched CVE SUMMARY: The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0852 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0853 CVE STATUS: Patched CVE SUMMARY: The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0853 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0854 CVE STATUS: Patched CVE SUMMARY: The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0854 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0855 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0855 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0856 CVE STATUS: Patched CVE SUMMARY: The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0856 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0857 CVE STATUS: Patched CVE SUMMARY: The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0857 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0858 CVE STATUS: Patched CVE SUMMARY: The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0858 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0859 CVE STATUS: Patched CVE SUMMARY: The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0859 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0860 CVE STATUS: Patched CVE SUMMARY: The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0860 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0861 CVE STATUS: Patched CVE SUMMARY: The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0861 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0862 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0862 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0863 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0863 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0864 CVE STATUS: Patched CVE SUMMARY: The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0864 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0865 CVE STATUS: Patched CVE SUMMARY: The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0865 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0866 CVE STATUS: Patched CVE SUMMARY: The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0866 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0867 CVE STATUS: Patched CVE SUMMARY: The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0867 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0868 CVE STATUS: Patched CVE SUMMARY: libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases." CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0868 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0869 CVE STATUS: Patched CVE SUMMARY: The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0869 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0870 CVE STATUS: Patched CVE SUMMARY: The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0870 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0872 CVE STATUS: Patched CVE SUMMARY: The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0872 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0873 CVE STATUS: Patched CVE SUMMARY: The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0873 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0874 CVE STATUS: Patched CVE SUMMARY: The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0874 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0875 CVE STATUS: Patched CVE SUMMARY: The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0875 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0876 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0876 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0877 CVE STATUS: Patched CVE SUMMARY: The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0877 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0878 CVE STATUS: Patched CVE SUMMARY: The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0878 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-0894 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0894 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-2276 CVE STATUS: Patched CVE SUMMARY: The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2276 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-2277 CVE STATUS: Patched CVE SUMMARY: The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2277 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-2495 CVE STATUS: Patched CVE SUMMARY: The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2495 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-2496 CVE STATUS: Patched CVE SUMMARY: The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2496 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-3670 CVE STATUS: Patched CVE SUMMARY: The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3670 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-3671 CVE STATUS: Patched CVE SUMMARY: The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3671 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-3672 CVE STATUS: Patched CVE SUMMARY: The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3672 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-3673 CVE STATUS: Patched CVE SUMMARY: The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3673 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-3674 CVE STATUS: Patched CVE SUMMARY: The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3674 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-3675 CVE STATUS: Patched CVE SUMMARY: The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3675 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-4263 CVE STATUS: Patched CVE SUMMARY: libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4263 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-4264 CVE STATUS: Patched CVE SUMMARY: The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4264 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-4265 CVE STATUS: Patched CVE SUMMARY: The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4265 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-4358 CVE STATUS: Patched CVE SUMMARY: libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4358 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7008 CVE STATUS: Patched CVE SUMMARY: The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7008 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7009 CVE STATUS: Patched CVE SUMMARY: The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7009 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7010 CVE STATUS: Patched CVE SUMMARY: Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7010 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7011 CVE STATUS: Patched CVE SUMMARY: The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7011 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7012 CVE STATUS: Patched CVE SUMMARY: The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7012 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7013 CVE STATUS: Patched CVE SUMMARY: The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7013 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7014 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7014 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7015 CVE STATUS: Patched CVE SUMMARY: The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7015 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7016 CVE STATUS: Patched CVE SUMMARY: The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7016 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7017 CVE STATUS: Patched CVE SUMMARY: libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7017 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7018 CVE STATUS: Patched CVE SUMMARY: libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7018 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7019 CVE STATUS: Patched CVE SUMMARY: The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7019 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7020 CVE STATUS: Patched CVE SUMMARY: The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7020 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7021 CVE STATUS: Patched CVE SUMMARY: The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7021 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7022 CVE STATUS: Patched CVE SUMMARY: The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7022 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7023 CVE STATUS: Patched CVE SUMMARY: The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7023 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2013-7024 CVE STATUS: Patched CVE SUMMARY: The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7024 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125002 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125002 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125003 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125003 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125004 CVE STATUS: Patched CVE SUMMARY: A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125004 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125005 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125005 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125006 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125006 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125007 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125007 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125008 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125008 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125009 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125009 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125010 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125010 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125011 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125011 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125012 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125012 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125013 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125013 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125014 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125014 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125015 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125015 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125016 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125016 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125017 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125017 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125018 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125018 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125019 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125019 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125020 CVE STATUS: Patched CVE SUMMARY: A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125020 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125021 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125021 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125022 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125022 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125023 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125023 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125024 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125024 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-125025 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-125025 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-2097 CVE STATUS: Patched CVE SUMMARY: The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2097 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-2098 CVE STATUS: Patched CVE SUMMARY: libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2098 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-2099 CVE STATUS: Patched CVE SUMMARY: The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2099 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-2263 CVE STATUS: Patched CVE SUMMARY: The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2263 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-4610 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4610 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-5271 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5271 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-5272 CVE STATUS: Patched CVE SUMMARY: libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5272 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-7933 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7933 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-7937 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7937 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-8541 CVE STATUS: Patched CVE SUMMARY: libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8541 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-8542 CVE STATUS: Patched CVE SUMMARY: libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8542 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-8543 CVE STATUS: Patched CVE SUMMARY: libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8543 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-8544 CVE STATUS: Patched CVE SUMMARY: libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8544 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-8545 CVE STATUS: Patched CVE SUMMARY: libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8545 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-8546 CVE STATUS: Patched CVE SUMMARY: Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8546 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-8547 CVE STATUS: Patched CVE SUMMARY: libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8547 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-8548 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8548 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-8549 CVE STATUS: Patched CVE SUMMARY: libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8549 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-9316 CVE STATUS: Patched CVE SUMMARY: The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9316 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-9317 CVE STATUS: Patched CVE SUMMARY: The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9317 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-9318 CVE STATUS: Patched CVE SUMMARY: The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9318 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-9319 CVE STATUS: Patched CVE SUMMARY: The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9319 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-9602 CVE STATUS: Patched CVE SUMMARY: libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9602 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-9603 CVE STATUS: Patched CVE SUMMARY: The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9603 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-9604 CVE STATUS: Patched CVE SUMMARY: libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9604 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2014-9676 CVE STATUS: Patched CVE SUMMARY: The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9676 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-1208 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1208 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-1872 CVE STATUS: Patched CVE SUMMARY: The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1872 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-3395 CVE STATUS: Patched CVE SUMMARY: The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3395 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-3417 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3417 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-6761 CVE STATUS: Patched CVE SUMMARY: The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6761 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-6818 CVE STATUS: Patched CVE SUMMARY: The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6818 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-6819 CVE STATUS: Patched CVE SUMMARY: Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6819 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-6820 CVE STATUS: Patched CVE SUMMARY: The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6820 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-6821 CVE STATUS: Patched CVE SUMMARY: The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6821 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-6822 CVE STATUS: Patched CVE SUMMARY: The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6822 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-6823 CVE STATUS: Patched CVE SUMMARY: The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6823 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-6824 CVE STATUS: Patched CVE SUMMARY: The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6824 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-6825 CVE STATUS: Patched CVE SUMMARY: The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6825 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-6826 CVE STATUS: Patched CVE SUMMARY: The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6826 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-8216 CVE STATUS: Patched CVE SUMMARY: The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8216 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-8217 CVE STATUS: Patched CVE SUMMARY: The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8217 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-8218 CVE STATUS: Patched CVE SUMMARY: The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8218 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-8219 CVE STATUS: Patched CVE SUMMARY: The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8219 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-8363 CVE STATUS: Patched CVE SUMMARY: The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8363 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-8364 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8364 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-8365 CVE STATUS: Patched CVE SUMMARY: The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8365 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-8661 CVE STATUS: Patched CVE SUMMARY: The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8661 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-8662 CVE STATUS: Patched CVE SUMMARY: The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8662 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2015-8663 CVE STATUS: Patched CVE SUMMARY: The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8663 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-10190 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10190 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-10191 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10191 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-10192 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10192 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-1897 CVE STATUS: Patched CVE SUMMARY: FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1897 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-1898 CVE STATUS: Patched CVE SUMMARY: FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1898 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-2213 CVE STATUS: Patched CVE SUMMARY: The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2213 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-2326 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2326 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-2327 CVE STATUS: Patched CVE SUMMARY: libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2327 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-2328 CVE STATUS: Patched CVE SUMMARY: libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2328 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-2329 CVE STATUS: Patched CVE SUMMARY: libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2329 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-2330 CVE STATUS: Patched CVE SUMMARY: libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2330 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-3062 CVE STATUS: Patched CVE SUMMARY: The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3062 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-6164 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6164 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-6671 CVE STATUS: Patched CVE SUMMARY: The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6671 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-6881 CVE STATUS: Patched CVE SUMMARY: The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6881 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-6920 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6920 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-7122 CVE STATUS: Patched CVE SUMMARY: The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7122 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-7450 CVE STATUS: Patched CVE SUMMARY: The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7450 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-7502 CVE STATUS: Patched CVE SUMMARY: The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7502 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-7555 CVE STATUS: Patched CVE SUMMARY: The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7555 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-7562 CVE STATUS: Patched CVE SUMMARY: The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7562 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-7785 CVE STATUS: Patched CVE SUMMARY: The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7785 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-7905 CVE STATUS: Patched CVE SUMMARY: The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7905 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-8595 CVE STATUS: Patched CVE SUMMARY: The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8595 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2016-9561 CVE STATUS: Patched CVE SUMMARY: The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9561 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-1000460 CVE STATUS: Patched CVE SUMMARY: In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000460 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-11399 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11399 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-11665 CVE STATUS: Patched CVE SUMMARY: The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11665 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-11719 CVE STATUS: Patched CVE SUMMARY: The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11719 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14054 CVE STATUS: Patched CVE SUMMARY: In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14054 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14055 CVE STATUS: Patched CVE SUMMARY: In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14055 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14056 CVE STATUS: Patched CVE SUMMARY: In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14056 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14057 CVE STATUS: Patched CVE SUMMARY: In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14057 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14058 CVE STATUS: Patched CVE SUMMARY: In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14058 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14059 CVE STATUS: Patched CVE SUMMARY: In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14059 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14169 CVE STATUS: Patched CVE SUMMARY: In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14169 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14170 CVE STATUS: Patched CVE SUMMARY: In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14170 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14171 CVE STATUS: Patched CVE SUMMARY: In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14171 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14222 CVE STATUS: Patched CVE SUMMARY: In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14222 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14223 CVE STATUS: Patched CVE SUMMARY: In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14223 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14225 CVE STATUS: Patched CVE SUMMARY: The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14225 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-14767 CVE STATUS: Patched CVE SUMMARY: The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14767 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-15186 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15186 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-15672 CVE STATUS: Patched CVE SUMMARY: The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15672 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-16840 CVE STATUS: Patched CVE SUMMARY: The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16840 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-17081 CVE STATUS: Patched CVE SUMMARY: The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17081 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-17555 CVE STATUS: Patched CVE SUMMARY: The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17555 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-7859 CVE STATUS: Patched CVE SUMMARY: FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7859 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-7862 CVE STATUS: Patched CVE SUMMARY: FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7862 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-7863 CVE STATUS: Patched CVE SUMMARY: FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7863 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-7865 CVE STATUS: Patched CVE SUMMARY: FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7865 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-7866 CVE STATUS: Patched CVE SUMMARY: FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7866 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-9608 CVE STATUS: Patched CVE SUMMARY: The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9608 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-9990 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9990 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-9991 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9991 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-9992 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9992 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-9993 CVE STATUS: Patched CVE SUMMARY: FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9993 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-9994 CVE STATUS: Patched CVE SUMMARY: libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9994 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-9995 CVE STATUS: Patched CVE SUMMARY: libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9995 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2017-9996 CVE STATUS: Patched CVE SUMMARY: The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9996 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-10001 CVE STATUS: Patched CVE SUMMARY: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10001 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-12458 CVE STATUS: Patched CVE SUMMARY: An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12458 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-12459 CVE STATUS: Patched CVE SUMMARY: An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12459 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-12460 CVE STATUS: Patched CVE SUMMARY: libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12460 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-13300 CVE STATUS: Patched CVE SUMMARY: In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13300 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-13301 CVE STATUS: Patched CVE SUMMARY: In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13301 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-13302 CVE STATUS: Patched CVE SUMMARY: In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13302 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-13303 CVE STATUS: Patched CVE SUMMARY: In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13303 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-13304 CVE STATUS: Patched CVE SUMMARY: In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13304 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-13305 CVE STATUS: Patched CVE SUMMARY: In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13305 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-14394 CVE STATUS: Patched CVE SUMMARY: libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14394 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-14395 CVE STATUS: Patched CVE SUMMARY: libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14395 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-15822 CVE STATUS: Patched CVE SUMMARY: The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15822 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-1999010 CVE STATUS: Patched CVE SUMMARY: FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1999010 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-1999011 CVE STATUS: Patched CVE SUMMARY: FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1999011 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-1999012 CVE STATUS: Patched CVE SUMMARY: FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1999012 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-1999013 CVE STATUS: Patched CVE SUMMARY: FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1999013 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-1999014 CVE STATUS: Patched CVE SUMMARY: FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1999014 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-1999015 CVE STATUS: Patched CVE SUMMARY: FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1999015 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-6392 CVE STATUS: Patched CVE SUMMARY: The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6392 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-6621 CVE STATUS: Patched CVE SUMMARY: The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6621 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-6912 CVE STATUS: Patched CVE SUMMARY: The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6912 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-7557 CVE STATUS: Patched CVE SUMMARY: The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7557 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-7751 CVE STATUS: Patched CVE SUMMARY: The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7751 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2018-9841 CVE STATUS: Patched CVE SUMMARY: The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9841 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-1000016 CVE STATUS: Patched CVE SUMMARY: FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1000016 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-11338 CVE STATUS: Patched CVE SUMMARY: libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11338 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-11339 CVE STATUS: Patched CVE SUMMARY: The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11339 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-12730 CVE STATUS: Patched CVE SUMMARY: aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12730 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-13312 CVE STATUS: Patched CVE SUMMARY: block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13312 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-13390 CVE STATUS: Patched CVE SUMMARY: In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13390 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-15942 CVE STATUS: Patched CVE SUMMARY: FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15942 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-17539 CVE STATUS: Patched CVE SUMMARY: In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17539 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-17542 CVE STATUS: Patched CVE SUMMARY: FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17542 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-9718 CVE STATUS: Patched CVE SUMMARY: In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9718 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2019-9721 CVE STATUS: Patched CVE SUMMARY: A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9721 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-12284 CVE STATUS: Patched CVE SUMMARY: cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12284 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-13904 CVE STATUS: Patched CVE SUMMARY: FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13904 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-14212 CVE STATUS: Patched CVE SUMMARY: FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14212 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20445 CVE STATUS: Patched CVE SUMMARY: FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20445 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20446 CVE STATUS: Patched CVE SUMMARY: FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20446 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20448 CVE STATUS: Patched CVE SUMMARY: FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20448 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20450 CVE STATUS: Patched CVE SUMMARY: FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20450 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20451 CVE STATUS: Patched CVE SUMMARY: Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20451 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20453 CVE STATUS: Patched CVE SUMMARY: FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20453 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20891 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20891 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20892 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20892 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20896 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20896 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20898 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20898 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-20902 CVE STATUS: Patched CVE SUMMARY: A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20902 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-21041 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21041 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-21688 CVE STATUS: Patched CVE SUMMARY: A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21688 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-21697 CVE STATUS: Patched CVE SUMMARY: A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21697 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22015 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22015 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22016 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22016 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22017 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22017 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22019 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22019 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22020 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22020 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22021 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22021 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22022 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22022 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22023 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22023 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22024 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22024 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22025 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22025 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22026 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22026 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22027 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22027 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22028 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22028 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22029 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22029 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22030 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22030 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22031 CVE STATUS: Patched CVE SUMMARY: A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22031 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22032 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22032 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22033 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22033 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22034 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22034 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22035 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22035 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22036 CVE STATUS: Patched CVE SUMMARY: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22036 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22037 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22037 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22038 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22038 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22039 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22039 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22040 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22040 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22041 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22041 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22042 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22042 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22043 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22043 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22044 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22044 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22046 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22046 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22048 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22048 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22049 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22049 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22051 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22051 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22054 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22054 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-22056 CVE STATUS: Patched CVE SUMMARY: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22056 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-23906 CVE STATUS: Patched CVE SUMMARY: FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-23906 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-24020 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24020 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-24995 CVE STATUS: Patched CVE SUMMARY: Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24995 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-35964 CVE STATUS: Patched CVE SUMMARY: track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35964 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-35965 CVE STATUS: Patched CVE SUMMARY: decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35965 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2020-36138 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36138 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-28429 CVE STATUS: Patched CVE SUMMARY: Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28429 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-30123 CVE STATUS: Patched CVE SUMMARY: FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30123 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-33815 CVE STATUS: Patched CVE SUMMARY: dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33815 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-3566 CVE STATUS: Patched CVE SUMMARY: Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3566 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-38090 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38090 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-38091 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38091 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-38092 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38092 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-38093 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38093 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-38094 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38094 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-38114 CVE STATUS: Patched CVE SUMMARY: libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38114 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-38171 CVE STATUS: Patched CVE SUMMARY: adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38171 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2021-38291 CVE STATUS: Patched CVE SUMMARY: FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38291 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2022-1475 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1475 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2022-2566 CVE STATUS: Patched CVE SUMMARY: A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2566 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2022-3109 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3109 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2022-3341 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3341 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2022-3964 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3964 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2022-3965 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3965 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2022-48434 CVE STATUS: Patched CVE SUMMARY: libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48434 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2023-46407 CVE STATUS: Patched CVE SUMMARY: FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-46407 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2023-47470 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-47470 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2023-49501 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-49501 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2023-49502 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-49502 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2023-49528 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-49528 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2023-50007 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via theav_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50007 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2023-50008 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50008 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-22860 CVE STATUS: Patched CVE SUMMARY: Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-22860 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-22861 CVE STATUS: Patched CVE SUMMARY: Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-22861 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-22862 CVE STATUS: Patched CVE SUMMARY: Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-22862 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-31578 CVE STATUS: Patched CVE SUMMARY: FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-31578 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-31582 CVE STATUS: Patched CVE SUMMARY: FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-31582 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-32230 CVE STATUS: Patched CVE SUMMARY: FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0 CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32230 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-35365 CVE STATUS: Patched CVE SUMMARY: FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-35365 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-35366 CVE STATUS: Patched CVE SUMMARY: FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-35366 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-35367 CVE STATUS: Patched CVE SUMMARY: FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-35367 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-35368 CVE STATUS: Patched CVE SUMMARY: FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-35368 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-35369 CVE STATUS: Patched CVE SUMMARY: In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-35369 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-36613 CVE STATUS: Patched CVE SUMMARY: FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-36613 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-36616 CVE STATUS: Patched CVE SUMMARY: An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-36616 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-36617 CVE STATUS: Patched CVE SUMMARY: FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-36617 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-36618 CVE STATUS: Patched CVE SUMMARY: FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-36618 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-36619 CVE STATUS: Patched CVE SUMMARY: FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-36619 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-7055 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 6.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-7055 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2024-7272 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 6.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-7272 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2025-0518 CVE STATUS: Patched CVE SUMMARY: Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:  https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 4.8 VECTOR: NETWORK VECTORSTRING: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-0518 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2025-22919 CVE STATUS: Patched CVE SUMMARY: A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-22919 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2025-22921 CVE STATUS: Patched CVE SUMMARY: FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-22921 LAYER: meta PACKAGE NAME: ffmpeg PACKAGE VERSION: 6.1.1 CVE: CVE-2025-25473 CVE STATUS: Patched CVE SUMMARY: FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-25473 LAYER: meta PACKAGE NAME: strace PACKAGE VERSION: 6.7 CVE: CVE-2000-0006 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: CVE is more than 20 years old with no resolution evident. Broken links in CVE database references make resolution impractical. CVE SUMMARY: strace allows local users to read arbitrary files via memory mapped file names. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0006 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2002-1119 CVE STATUS: Patched CVE SUMMARY: os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1119 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2004-0150 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0150 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2005-0089 CVE STATUS: Patched CVE SUMMARY: The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0089 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2006-1542 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1542 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2006-4980 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4980 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2007-1657 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1657 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2007-2052 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2052 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2007-4559 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: Upstream consider this expected behaviour CVE SUMMARY: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4559 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2007-4965 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4965 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-1679 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1679 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-1721 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1721 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-1887 CVE STATUS: Patched CVE SUMMARY: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1887 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-2315 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2315 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-2316 CVE STATUS: Patched CVE SUMMARY: Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2316 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-3142 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3142 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-3143 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3143 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-3144 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3144 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-4108 CVE STATUS: Patched CVE SUMMARY: Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4108 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-4864 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4864 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-5031 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5031 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2008-5983 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5983 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2009-4134 CVE STATUS: Patched CVE SUMMARY: Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4134 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2010-1449 CVE STATUS: Patched CVE SUMMARY: Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1449 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2010-1450 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1450 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2010-1634 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1634 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2010-2089 CVE STATUS: Patched CVE SUMMARY: The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2089 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2010-3492 CVE STATUS: Patched CVE SUMMARY: The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3492 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2010-3493 CVE STATUS: Patched CVE SUMMARY: Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3493 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2011-1015 CVE STATUS: Patched CVE SUMMARY: The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1015 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2011-1521 CVE STATUS: Patched CVE SUMMARY: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1521 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2011-4940 CVE STATUS: Patched CVE SUMMARY: The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4940 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2011-4944 CVE STATUS: Patched CVE SUMMARY: Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4944 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2012-0845 CVE STATUS: Patched CVE SUMMARY: SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0845 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2012-0876 CVE STATUS: Patched CVE SUMMARY: The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0876 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2012-1150 CVE STATUS: Patched CVE SUMMARY: Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1150 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2012-2135 CVE STATUS: Patched CVE SUMMARY: The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2135 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2013-0340 CVE STATUS: Patched CVE SUMMARY: expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0340 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2013-1753 CVE STATUS: Patched CVE SUMMARY: The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1753 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2013-2099 CVE STATUS: Patched CVE SUMMARY: Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2099 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2013-4238 CVE STATUS: Patched CVE SUMMARY: The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4238 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2013-7040 CVE STATUS: Patched CVE SUMMARY: Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7040 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2013-7338 CVE STATUS: Patched CVE SUMMARY: Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7338 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2013-7440 CVE STATUS: Patched CVE SUMMARY: The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7440 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2014-0224 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0224 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2014-1912 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1912 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2014-2667 CVE STATUS: Patched CVE SUMMARY: Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2667 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2014-4616 CVE STATUS: Patched CVE SUMMARY: Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4616 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2014-4650 CVE STATUS: Patched CVE SUMMARY: The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4650 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2014-7185 CVE STATUS: Patched CVE SUMMARY: Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7185 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2014-9365 CVE STATUS: Patched CVE SUMMARY: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9365 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2015-1283 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1283 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2015-20107 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: The mailcap module is insecure by design, so this can't be fixed in a meaningful way CVE SUMMARY: In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 CVSS v2 BASE SCORE: 8.0 CVSS v3 BASE SCORE: 7.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:C/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-20107 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2015-5652 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5652 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2016-0718 CVE STATUS: Patched CVE SUMMARY: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0718 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2016-0772 CVE STATUS: Patched CVE SUMMARY: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0772 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2016-1000110 CVE STATUS: Patched CVE SUMMARY: The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1000110 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2016-2183 CVE STATUS: Patched CVE SUMMARY: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2183 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2016-3189 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3189 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2016-4472 CVE STATUS: Patched CVE SUMMARY: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4472 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2016-5636 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5636 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2016-5699 CVE STATUS: Patched CVE SUMMARY: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5699 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2016-9063 CVE STATUS: Patched CVE SUMMARY: An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9063 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2017-1000158 CVE STATUS: Patched CVE SUMMARY: CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000158 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2017-17522 CVE STATUS: Patched CVE SUMMARY: Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17522 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2017-18207 CVE STATUS: Patched CVE SUMMARY: The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18207 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2017-20052 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-20052 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2017-9233 CVE STATUS: Patched CVE SUMMARY: XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9233 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2018-1000030 CVE STATUS: Patched CVE SUMMARY: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 3.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000030 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2018-1000117 CVE STATUS: Patched CVE SUMMARY: Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 6.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000117 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2018-1000802 CVE STATUS: Patched CVE SUMMARY: Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000802 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2018-1060 CVE STATUS: Patched CVE SUMMARY: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1060 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2018-1061 CVE STATUS: Patched CVE SUMMARY: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1061 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2018-14647 CVE STATUS: Patched CVE SUMMARY: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14647 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2018-20406 CVE STATUS: Patched CVE SUMMARY: Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20406 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2018-20852 CVE STATUS: Patched CVE SUMMARY: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20852 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2018-25032 CVE STATUS: Patched CVE SUMMARY: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25032 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-10160 CVE STATUS: Patched CVE SUMMARY: A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10160 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-12900 CVE STATUS: Patched CVE SUMMARY: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12900 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-13404 CVE STATUS: Patched CVE SUMMARY: The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13404 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-15903 CVE STATUS: Patched CVE SUMMARY: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15903 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-16056 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16056 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-16935 CVE STATUS: Patched CVE SUMMARY: The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16935 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-17514 CVE STATUS: Patched CVE SUMMARY: library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17514 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-18348 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: This is not exploitable when glibc has CVE-2016-10739 fixed CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18348 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-20907 CVE STATUS: Patched CVE SUMMARY: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20907 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-5010 CVE STATUS: Patched CVE SUMMARY: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5010 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-9636 CVE STATUS: Patched CVE SUMMARY: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9636 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-9674 CVE STATUS: Patched CVE SUMMARY: Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9674 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-9740 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9740 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-9947 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9947 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2019-9948 CVE STATUS: Patched CVE SUMMARY: urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9948 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2020-10735 CVE STATUS: Patched CVE SUMMARY: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10735 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2020-14422 CVE STATUS: Patched CVE SUMMARY: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14422 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2020-15523 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15523 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2020-15801 CVE STATUS: Patched CVE SUMMARY: In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The ._pth file (e.g., the python._pth file) is not affected. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15801 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2020-26116 CVE STATUS: Patched CVE SUMMARY: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 7.2 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26116 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2020-27619 CVE STATUS: Patched CVE SUMMARY: In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27619 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2020-8315 CVE STATUS: Patched CVE SUMMARY: In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8315 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2020-8492 CVE STATUS: Patched CVE SUMMARY: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8492 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2021-23336 CVE STATUS: Patched CVE SUMMARY: The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23336 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2021-28861 CVE STATUS: Patched CVE SUMMARY: Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28861 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2021-29921 CVE STATUS: Patched CVE SUMMARY: In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29921 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2021-3177 CVE STATUS: Patched CVE SUMMARY: Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3177 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2021-3426 CVE STATUS: Patched CVE SUMMARY: There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3426 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2021-3733 CVE STATUS: Patched CVE SUMMARY: There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3733 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2021-3737 CVE STATUS: Patched CVE SUMMARY: A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3737 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2021-4189 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4189 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2022-0391 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0391 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2022-26488 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26488 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2022-37454 CVE STATUS: Patched CVE SUMMARY: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-37454 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2022-42919 CVE STATUS: Patched CVE SUMMARY: Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42919 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2022-45061 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-45061 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2022-48560 CVE STATUS: Patched CVE SUMMARY: A use-after-free exists in Python through 3.9 via heappushpop in heapq. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48560 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2022-48564 CVE STATUS: Patched CVE SUMMARY: read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48564 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2022-48565 CVE STATUS: Patched CVE SUMMARY: An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48565 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2022-48566 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48566 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2023-24329 CVE STATUS: Patched CVE SUMMARY: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24329 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2023-27043 CVE STATUS: Patched CVE SUMMARY: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27043 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2023-33595 CVE STATUS: Patched CVE SUMMARY: CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33595 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2023-36632 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: Not an issue, in fact expected behaviour CVE SUMMARY: The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-36632 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2023-38898 CVE STATUS: Patched CVE SUMMARY: An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38898 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2023-40217 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40217 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2023-41105 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-41105 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2023-6507 CVE STATUS: Patched CVE SUMMARY: An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6507 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2024-6232 CVE STATUS: Patched CVE SUMMARY: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-6232 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2024-7592 CVE STATUS: Patched CVE SUMMARY: There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-7592 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.9 CVE: CVE-2024-9287 CVE STATUS: Patched CVE SUMMARY: A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-9287 LAYER: meta PACKAGE NAME: iproute2 PACKAGE VERSION: 6.7.0 CVE: CVE-2012-1088 CVE STATUS: Patched CVE SUMMARY: iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1088 LAYER: meta PACKAGE NAME: iproute2 PACKAGE VERSION: 6.7.0 CVE: CVE-2019-20795 CVE STATUS: Patched CVE SUMMARY: iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20795 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2008-5516 CVE STATUS: Patched CVE SUMMARY: The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5516 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2010-2542 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2542 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2010-3906 CVE STATUS: Patched CVE SUMMARY: Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3906 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2013-0308 CVE STATUS: Patched CVE SUMMARY: The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0308 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2014-9390 CVE STATUS: Patched CVE SUMMARY: Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9390 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2014-9938 CVE STATUS: Patched CVE SUMMARY: contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9938 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2016-2315 CVE STATUS: Patched CVE SUMMARY: revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2315 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2016-2324 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2324 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2017-1000117 CVE STATUS: Patched CVE SUMMARY: A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000117 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2017-14867 CVE STATUS: Patched CVE SUMMARY: Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14867 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2017-15298 CVE STATUS: Patched CVE SUMMARY: Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15298 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2018-1000021 CVE STATUS: Patched CVE SUMMARY: GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2018-11233 CVE STATUS: Patched CVE SUMMARY: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11233 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2018-11235 CVE STATUS: Patched CVE SUMMARY: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11235 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2018-17456 CVE STATUS: Patched CVE SUMMARY: Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17456 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2018-19486 CVE STATUS: Patched CVE SUMMARY: Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19486 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2019-1348 CVE STATUS: Patched CVE SUMMARY: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1348 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2019-1353 CVE STATUS: Patched CVE SUMMARY: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1353 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2019-1387 CVE STATUS: Patched CVE SUMMARY: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1387 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2019-19604 CVE STATUS: Patched CVE SUMMARY: Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19604 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2020-11008 CVE STATUS: Patched CVE SUMMARY: Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11008 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2020-5260 CVE STATUS: Patched CVE SUMMARY: Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-5260 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2021-21300 CVE STATUS: Patched CVE SUMMARY: Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 8.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21300 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2021-40330 CVE STATUS: Patched CVE SUMMARY: git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-40330 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-23521 CVE STATUS: Patched CVE SUMMARY: Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23521 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-24765 CVE STATUS: Patched CVE SUMMARY: Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 6.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24765 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-24975 CVE STATUS: Patched CVE SUMMARY: The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24975 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-29187 CVE STATUS: Patched CVE SUMMARY: Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29187 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-39253 CVE STATUS: Patched CVE SUMMARY: Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39253 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-39260 CVE STATUS: Patched CVE SUMMARY: Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39260 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-41903 CVE STATUS: Patched CVE SUMMARY: Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41903 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-41953 CVE STATUS: Patched CVE SUMMARY: Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41953 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2023-22490 CVE STATUS: Patched CVE SUMMARY: Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-22490 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2023-23946 CVE STATUS: Patched CVE SUMMARY: Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-23946 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2023-25652 CVE STATUS: Patched CVE SUMMARY: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25652 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2023-29007 CVE STATUS: Patched CVE SUMMARY: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29007 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2005-0876 CVE STATUS: Patched CVE SUMMARY: Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0876 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2005-0877 CVE STATUS: Patched CVE SUMMARY: Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0877 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2006-2017 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2017 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2008-3214 CVE STATUS: Patched CVE SUMMARY: dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3214 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2008-3350 CVE STATUS: Patched CVE SUMMARY: dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3350 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2009-2957 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2957 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2009-2958 CVE STATUS: Patched CVE SUMMARY: The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2958 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2012-3411 CVE STATUS: Patched CVE SUMMARY: Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3411 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2013-0198 CVE STATUS: Patched CVE SUMMARY: Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0198 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2015-3294 CVE STATUS: Patched CVE SUMMARY: The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3294 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2015-8899 CVE STATUS: Patched CVE SUMMARY: Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8899 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-13704 CVE STATUS: Patched CVE SUMMARY: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13704 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14491 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14491 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14492 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14492 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14493 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14493 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14494 CVE STATUS: Patched CVE SUMMARY: dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14494 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14495 CVE STATUS: Patched CVE SUMMARY: Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14495 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14496 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14496 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-15107 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15107 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2019-14513 CVE STATUS: Patched CVE SUMMARY: Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14513 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2019-14834 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14834 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25681 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25681 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25682 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25682 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25683 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25683 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25684 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25684 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25685 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25685 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25686 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25686 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25687 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25687 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-3448 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3448 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45951 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45951 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45952 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45952 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45953 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45953 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45954 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45954 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45955 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45955 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45956 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45956 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45957 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45957 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2022-0934 CVE STATUS: Patched CVE SUMMARY: A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0934 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2023-28450 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28450 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2023-49441 CVE STATUS: Patched CVE SUMMARY: dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-49441 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2023-50387 CVE STATUS: Patched CVE SUMMARY: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50387 LAYER: meta-oe PACKAGE NAME: s-nail PACKAGE VERSION: 14.9.24 CVE: CVE-2017-5899 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5899 LAYER: meta-ros-common PACKAGE NAME: yaml-cpp PACKAGE VERSION: 0.6.2 CVE: CVE-2017-11692 CVE STATUS: Patched CVE SUMMARY: The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11692 LAYER: meta-ros-common PACKAGE NAME: yaml-cpp PACKAGE VERSION: 0.6.2 CVE: CVE-2017-5950 CVE STATUS: Patched CVE SUMMARY: The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5950 LAYER: meta-ros-common PACKAGE NAME: yaml-cpp PACKAGE VERSION: 0.6.2 CVE: CVE-2018-20573 CVE STATUS: Unpatched CVE SUMMARY: The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20573 LAYER: meta-ros-common PACKAGE NAME: yaml-cpp PACKAGE VERSION: 0.6.2 CVE: CVE-2018-20574 CVE STATUS: Unpatched CVE SUMMARY: The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20574 LAYER: meta-ros-common PACKAGE NAME: yaml-cpp PACKAGE VERSION: 0.6.2 CVE: CVE-2019-6285 CVE STATUS: Unpatched CVE SUMMARY: The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6285 LAYER: meta-ros-common PACKAGE NAME: yaml-cpp PACKAGE VERSION: 0.6.2 CVE: CVE-2019-6292 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6292 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-1999-0491 CVE STATUS: Patched CVE SUMMARY: The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0491 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-1999-1383 CVE STATUS: Patched CVE SUMMARY: (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1383 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2010-0002 CVE STATUS: Patched CVE SUMMARY: The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0002 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2012-3410 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3410 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2012-6711 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv(). CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6711 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-6271 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6271 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-6277 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6277 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-6278 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6278 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-7169 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7169 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-7186 CVE STATUS: Patched CVE SUMMARY: The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7186 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-7187 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7187 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2016-0634 CVE STATUS: Patched CVE SUMMARY: The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0634 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2016-7543 CVE STATUS: Patched CVE SUMMARY: Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7543 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2016-9401 CVE STATUS: Patched CVE SUMMARY: popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9401 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2017-5932 CVE STATUS: Patched CVE SUMMARY: The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5932 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2019-18276 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18276 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2019-9924 CVE STATUS: Patched CVE SUMMARY: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9924 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2022-3715 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3715 LAYER: meta PACKAGE NAME: libcap PACKAGE VERSION: 2.69 CVE: CVE-2011-4099 CVE STATUS: Patched CVE SUMMARY: The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4099 LAYER: meta PACKAGE NAME: libcap PACKAGE VERSION: 2.69 CVE: CVE-2023-2602 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2602 LAYER: meta PACKAGE NAME: libcap PACKAGE VERSION: 2.69 CVE: CVE-2023-2603 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2603 LAYER: meta PACKAGE NAME: libcap PACKAGE VERSION: 2.69 CVE: CVE-2025-1390 CVE STATUS: Patched CVE SUMMARY: The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1390 LAYER: meta PACKAGE NAME: texinfo PACKAGE VERSION: 7.0.3 CVE: CVE-2005-3011 CVE STATUS: Patched CVE SUMMARY: The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3011 LAYER: meta PACKAGE NAME: texinfo PACKAGE VERSION: 7.0.3 CVE: CVE-2006-4810 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4810 LAYER: meta PACKAGE NAME: dbus-glib PACKAGE VERSION: 0.112 CVE: CVE-2010-1172 CVE STATUS: Patched CVE SUMMARY: DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1172 LAYER: meta PACKAGE NAME: dbus-glib PACKAGE VERSION: 0.112 CVE: CVE-2013-0292 CVE STATUS: Patched CVE SUMMARY: The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0292 LAYER: meta PACKAGE NAME: make PACKAGE VERSION: 4.4.1 CVE: CVE-2000-0151 CVE STATUS: Patched CVE SUMMARY: GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0151 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-1999-1439 CVE STATUS: Patched CVE SUMMARY: gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1439 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2000-1219 CVE STATUS: Patched CVE SUMMARY: The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1219 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2002-2439 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-2439 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2006-1902 CVE STATUS: Patched CVE SUMMARY: fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1902 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1367 CVE STATUS: Patched CVE SUMMARY: gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1367 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1685 CVE STATUS: Patched CVE SUMMARY: gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999) CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1685 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2013-4598 CVE STATUS: Patched CVE SUMMARY: The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4598 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2015-5276 CVE STATUS: Patched CVE SUMMARY: The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5276 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2017-11671 CVE STATUS: Patched CVE SUMMARY: Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11671 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2018-12886 CVE STATUS: Patched CVE SUMMARY: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12886 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2019-15847 CVE STATUS: Patched CVE SUMMARY: The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15847 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2021-37322 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Is a binutils 2.26 issue, not gcc CVE SUMMARY: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37322 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2021-3826 CVE STATUS: Patched CVE SUMMARY: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3826 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2021-46195 CVE STATUS: Patched CVE SUMMARY: GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46195 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2022-27943 CVE STATUS: Patched CVE SUMMARY: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27943 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2023-4039 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed via CVE-2023-4039.patch included here. Set the status explictly to deal with all recipes that share the gcc-source CVE SUMMARY: **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4039 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2011-3146 CVE STATUS: Patched CVE SUMMARY: librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3146 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2013-1881 CVE STATUS: Patched CVE SUMMARY: GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1881 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2015-7557 CVE STATUS: Patched CVE SUMMARY: The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7557 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2015-7558 CVE STATUS: Patched CVE SUMMARY: librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7558 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2016-4348 CVE STATUS: Patched CVE SUMMARY: The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4348 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2016-6163 CVE STATUS: Patched CVE SUMMARY: The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6163 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2017-11464 CVE STATUS: Patched CVE SUMMARY: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11464 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2018-1000041 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000041 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2019-20446 CVE STATUS: Patched CVE SUMMARY: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20446 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2023-38633 CVE STATUS: Patched CVE SUMMARY: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38633 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-0047 CVE STATUS: Patched CVE SUMMARY: Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0047 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-0048 CVE STATUS: Patched CVE SUMMARY: An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0048 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-3499 CVE STATUS: Patched CVE SUMMARY: Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3499 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-5277 CVE STATUS: Patched CVE SUMMARY: Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5277 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-5278 CVE STATUS: Patched CVE SUMMARY: A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5278 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-5282 CVE STATUS: Patched CVE SUMMARY: Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5282 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-6407 CVE STATUS: Patched CVE SUMMARY: Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6407 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-6408 CVE STATUS: Patched CVE SUMMARY: Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6408 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-8178 CVE STATUS: Patched CVE SUMMARY: Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8178 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-8179 CVE STATUS: Patched CVE SUMMARY: Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8179 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-9356 CVE STATUS: Patched CVE SUMMARY: Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:C/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9356 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-9357 CVE STATUS: Patched CVE SUMMARY: Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9357 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2014-9358 CVE STATUS: Patched CVE SUMMARY: Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications." CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9358 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2015-1843 CVE STATUS: Patched CVE SUMMARY: The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1843 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2015-3627 CVE STATUS: Patched CVE SUMMARY: Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3627 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2015-3630 CVE STATUS: Patched CVE SUMMARY: Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3630 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2015-3631 CVE STATUS: Patched CVE SUMMARY: Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3631 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2016-3697 CVE STATUS: Patched CVE SUMMARY: libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3697 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2016-6595 CVE STATUS: Patched CVE SUMMARY: The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6595 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2016-8867 CVE STATUS: Patched CVE SUMMARY: Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8867 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2016-9962 CVE STATUS: Patched CVE SUMMARY: RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 6.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9962 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2017-14992 CVE STATUS: Patched CVE SUMMARY: Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14992 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2017-16539 CVE STATUS: Patched CVE SUMMARY: The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16539 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2018-10892 CVE STATUS: Patched CVE SUMMARY: The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10892 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2018-12608 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12608 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2018-15514 CVE STATUS: Patched CVE SUMMARY: HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15514 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2018-15664 CVE STATUS: Patched CVE SUMMARY: In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot). CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15664 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2019-10340 CVE STATUS: Patched CVE SUMMARY: A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10340 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2019-10341 CVE STATUS: Patched CVE SUMMARY: A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10341 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2019-10342 CVE STATUS: Patched CVE SUMMARY: A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10342 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2019-13139 CVE STATUS: Patched CVE SUMMARY: In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13139 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2019-13509 CVE STATUS: Patched CVE SUMMARY: In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13509 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2019-14271 CVE STATUS: Patched CVE SUMMARY: In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14271 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2019-15752 CVE STATUS: Patched CVE SUMMARY: Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15752 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2019-16884 CVE STATUS: Patched CVE SUMMARY: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16884 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2019-5736 CVE STATUS: Patched CVE SUMMARY: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5736 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2020-14298 CVE STATUS: Patched CVE SUMMARY: The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14298 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2020-14300 CVE STATUS: Patched CVE SUMMARY: The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14300 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2020-27534 CVE STATUS: Patched CVE SUMMARY: util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27534 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2021-21284 CVE STATUS: Patched CVE SUMMARY: In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21284 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2021-21285 CVE STATUS: Patched CVE SUMMARY: In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21285 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2021-3162 CVE STATUS: Patched CVE SUMMARY: Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3162 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2021-33183 CVE STATUS: Patched CVE SUMMARY: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 7.9 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33183 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2021-41089 CVE STATUS: Patched CVE SUMMARY: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 2.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41089 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2021-41091 CVE STATUS: Patched CVE SUMMARY: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41091 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2022-24769 CVE STATUS: Patched CVE SUMMARY: Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24769 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2022-25365 CVE STATUS: Patched CVE SUMMARY: Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25365 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2022-27652 CVE STATUS: Patched CVE SUMMARY: A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27652 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2022-36109 CVE STATUS: Patched CVE SUMMARY: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-36109 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2023-28840 CVE STATUS: Patched CVE SUMMARY: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28840 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2023-28841 CVE STATUS: Patched CVE SUMMARY: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28841 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2023-28842 CVE STATUS: Patched CVE SUMMARY: Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28842 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2024-24557 CVE STATUS: Patched CVE SUMMARY: Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.9 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-24557 LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2024-29018 CVE STATUS: Unpatched CVE SUMMARY: Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well. When containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs. Containers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly. In addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver. When a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container's network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself. As a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved. Many systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected. Because `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers. Docker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address. Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29018 LAYER: meta PACKAGE NAME: expect PACKAGE VERSION: 5.45.4 CVE: CVE-2001-1374 CVE STATUS: Patched CVE SUMMARY: expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1374 LAYER: meta PACKAGE NAME: expect PACKAGE VERSION: 5.45.4 CVE: CVE-2001-1467 CVE STATUS: Patched CVE SUMMARY: mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1467 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2004-0803 CVE STATUS: Patched CVE SUMMARY: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0803 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2004-0804 CVE STATUS: Patched CVE SUMMARY: Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0804 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2004-0886 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0886 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2004-0929 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0929 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2004-1183 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1183 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2004-1307 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1307 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2004-1308 CVE STATUS: Patched CVE SUMMARY: Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1308 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2005-1544 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1544 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2005-2452 CVE STATUS: Patched CVE SUMMARY: libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2452 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-0405 CVE STATUS: Patched CVE SUMMARY: The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0405 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-2024 CVE STATUS: Patched CVE SUMMARY: Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2024 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-2025 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2025 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-2026 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2026 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-2120 CVE STATUS: Patched CVE SUMMARY: The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2120 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-2193 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2193 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-2656 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2656 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-3459 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3459 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-3460 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3460 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-3461 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3461 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-3462 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3462 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-3463 CVE STATUS: Patched CVE SUMMARY: The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3463 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-3464 CVE STATUS: Patched CVE SUMMARY: TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations". CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3464 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2006-3465 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3465 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2008-2327 CVE STATUS: Patched CVE SUMMARY: Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2327 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2009-2285 CVE STATUS: Patched CVE SUMMARY: Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2285 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2009-2347 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2347 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2009-5022 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5022 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2065 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2065 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2067 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2067 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2233 CVE STATUS: Patched CVE SUMMARY: tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2233 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2443 CVE STATUS: Patched CVE SUMMARY: The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2443 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2481 CVE STATUS: Patched CVE SUMMARY: The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2481 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2482 CVE STATUS: Patched CVE SUMMARY: LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2482 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2483 CVE STATUS: Patched CVE SUMMARY: The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2483 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2595 CVE STATUS: Patched CVE SUMMARY: The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2595 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2596 CVE STATUS: Patched CVE SUMMARY: The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2596 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2597 CVE STATUS: Patched CVE SUMMARY: The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2597 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2630 CVE STATUS: Patched CVE SUMMARY: The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2630 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2631 CVE STATUS: Patched CVE SUMMARY: LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2631 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-3087 CVE STATUS: Patched CVE SUMMARY: LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3087 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-4665 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4665 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2011-1167 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1167 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-1173 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1173 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-2088 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2088 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-2113 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2113 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-3401 CVE STATUS: Patched CVE SUMMARY: The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3401 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-4447 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4447 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-4564 CVE STATUS: Patched CVE SUMMARY: ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4564 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-5581 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5581 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-1960 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1960 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-1961 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1961 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-4231 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4231 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-4232 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4232 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-4243 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4243 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-4244 CVE STATUS: Patched CVE SUMMARY: The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4244 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-8127 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8127 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-8128 CVE STATUS: Patched CVE SUMMARY: LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8128 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-8129 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8129 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-8130 CVE STATUS: Patched CVE SUMMARY: The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8130 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-9330 CVE STATUS: Patched CVE SUMMARY: Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9330 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-9655 CVE STATUS: Patched CVE SUMMARY: The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9655 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-1547 CVE STATUS: Patched CVE SUMMARY: The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1547 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-7313 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue CVE SUMMARY: LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7313 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-7554 CVE STATUS: Patched CVE SUMMARY: The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7554 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8665 CVE STATUS: Patched CVE SUMMARY: tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8665 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8668 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8668 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8683 CVE STATUS: Patched CVE SUMMARY: The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8683 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8781 CVE STATUS: Patched CVE SUMMARY: tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8781 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8782 CVE STATUS: Patched CVE SUMMARY: tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8782 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8783 CVE STATUS: Patched CVE SUMMARY: tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8783 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8784 CVE STATUS: Patched CVE SUMMARY: The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8784 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8870 CVE STATUS: Patched CVE SUMMARY: Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8870 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10092 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10092 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10093 CVE STATUS: Patched CVE SUMMARY: Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10093 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10094 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10094 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10095 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10095 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10266 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10266 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10267 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10267 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10268 CVE STATUS: Patched CVE SUMMARY: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10268 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10269 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10269 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10270 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10270 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10271 CVE STATUS: Patched CVE SUMMARY: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10271 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10272 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10272 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10371 CVE STATUS: Patched CVE SUMMARY: The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10371 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3186 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3186 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3619 CVE STATUS: Patched CVE SUMMARY: The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3619 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3620 CVE STATUS: Patched CVE SUMMARY: The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3620 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3621 CVE STATUS: Patched CVE SUMMARY: The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3621 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3622 CVE STATUS: Patched CVE SUMMARY: The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3622 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3623 CVE STATUS: Patched CVE SUMMARY: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3623 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3624 CVE STATUS: Patched CVE SUMMARY: The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3624 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3625 CVE STATUS: Patched CVE SUMMARY: tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3625 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3631 CVE STATUS: Patched CVE SUMMARY: The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3631 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3632 CVE STATUS: Patched CVE SUMMARY: The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3632 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3633 CVE STATUS: Patched CVE SUMMARY: The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3633 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3634 CVE STATUS: Patched CVE SUMMARY: The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3634 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3658 CVE STATUS: Patched CVE SUMMARY: The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3658 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3945 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3945 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3990 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3990 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3991 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3991 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5102 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5102 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5314 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5314 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5315 CVE STATUS: Patched CVE SUMMARY: The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5315 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5316 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5316 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5317 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5317 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5318 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5318 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5319 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5319 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5321 CVE STATUS: Patched CVE SUMMARY: The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5321 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5322 CVE STATUS: Patched CVE SUMMARY: The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5322 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5323 CVE STATUS: Patched CVE SUMMARY: The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5323 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5652 CVE STATUS: Patched CVE SUMMARY: An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5652 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-6223 CVE STATUS: Patched CVE SUMMARY: The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6223 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-8331 CVE STATUS: Patched CVE SUMMARY: An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8331 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9273 CVE STATUS: Patched CVE SUMMARY: tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9273 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9297 CVE STATUS: Patched CVE SUMMARY: The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9297 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9448 CVE STATUS: Patched CVE SUMMARY: The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9448 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9453 CVE STATUS: Patched CVE SUMMARY: The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9453 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9532 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9532 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9533 CVE STATUS: Patched CVE SUMMARY: tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9533 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9534 CVE STATUS: Patched CVE SUMMARY: tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9534 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9535 CVE STATUS: Patched CVE SUMMARY: tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9535 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9536 CVE STATUS: Patched CVE SUMMARY: tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9536 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9537 CVE STATUS: Patched CVE SUMMARY: tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9537 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9538 CVE STATUS: Patched CVE SUMMARY: tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9538 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9539 CVE STATUS: Patched CVE SUMMARY: tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9539 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9540 CVE STATUS: Patched CVE SUMMARY: tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9540 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-10688 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10688 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-11335 CVE STATUS: Patched CVE SUMMARY: There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11335 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-11613 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11613 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-12944 CVE STATUS: Patched CVE SUMMARY: The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12944 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-13726 CVE STATUS: Patched CVE SUMMARY: There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13726 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-13727 CVE STATUS: Patched CVE SUMMARY: There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13727 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-16232 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16232 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-17095 CVE STATUS: Patched CVE SUMMARY: tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17095 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-17942 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17942 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-17973 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17973 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-18013 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18013 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-5225 CVE STATUS: Patched CVE SUMMARY: LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5225 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-5563 CVE STATUS: Patched CVE SUMMARY: LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5563 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7592 CVE STATUS: Patched CVE SUMMARY: The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7592 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7593 CVE STATUS: Patched CVE SUMMARY: tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7593 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7594 CVE STATUS: Patched CVE SUMMARY: The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7594 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7595 CVE STATUS: Patched CVE SUMMARY: The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7595 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7596 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7596 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7597 CVE STATUS: Patched CVE SUMMARY: tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7597 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7598 CVE STATUS: Patched CVE SUMMARY: tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7598 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7599 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7599 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7600 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7600 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7601 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7601 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7602 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7602 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9117 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9117 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9147 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9147 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9403 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9403 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9404 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9404 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9815 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9815 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9935 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9935 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9936 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9936 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9937 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9937 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-10126 CVE STATUS: Patched CVE SUMMARY: ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10126 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-10779 CVE STATUS: Patched CVE SUMMARY: TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10779 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-10801 CVE STATUS: Patched CVE SUMMARY: TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10801 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-10963 CVE STATUS: Patched CVE SUMMARY: The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10963 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-12900 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12900 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-15209 CVE STATUS: Patched CVE SUMMARY: ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15209 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-16335 CVE STATUS: Patched CVE SUMMARY: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16335 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-17000 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17000 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-17100 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17100 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-17101 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17101 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-17795 CVE STATUS: Patched CVE SUMMARY: The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17795 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-18557 CVE STATUS: Patched CVE SUMMARY: LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18557 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-18661 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18661 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-19210 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19210 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-5360 CVE STATUS: Patched CVE SUMMARY: LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5360 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-5784 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5784 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-7456 CVE STATUS: Patched CVE SUMMARY: A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7456 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-8905 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8905 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2019-14973 CVE STATUS: Patched CVE SUMMARY: _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14973 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2019-17546 CVE STATUS: Patched CVE SUMMARY: tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17546 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2019-6128 CVE STATUS: Patched CVE SUMMARY: The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6128 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2019-7663 CVE STATUS: Patched CVE SUMMARY: An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7663 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-18768 CVE STATUS: Patched CVE SUMMARY: There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-18768 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-19131 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19131 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-19143 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19143 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-19144 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19144 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-35521 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35521 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-35522 CVE STATUS: Patched CVE SUMMARY: In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35522 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-35523 CVE STATUS: Patched CVE SUMMARY: An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35523 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-35524 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35524 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0561 CVE STATUS: Patched CVE SUMMARY: Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0561 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0562 CVE STATUS: Patched CVE SUMMARY: Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0562 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0865 CVE STATUS: Patched CVE SUMMARY: Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0865 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0891 CVE STATUS: Patched CVE SUMMARY: A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0891 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0907 CVE STATUS: Patched CVE SUMMARY: Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0907 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0908 CVE STATUS: Patched CVE SUMMARY: Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0908 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0909 CVE STATUS: Patched CVE SUMMARY: Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0909 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0924 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0924 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1056 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1056 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1210 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1210 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1354 CVE STATUS: Patched CVE SUMMARY: A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1354 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1355 CVE STATUS: Patched CVE SUMMARY: A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1355 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1622 CVE STATUS: Patched CVE SUMMARY: LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1622 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1623 CVE STATUS: Patched CVE SUMMARY: LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1623 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2056 CVE STATUS: Patched CVE SUMMARY: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2056 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2057 CVE STATUS: Patched CVE SUMMARY: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2057 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2058 CVE STATUS: Patched CVE SUMMARY: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2058 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-22844 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22844 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2519 CVE STATUS: Patched CVE SUMMARY: There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2519 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2520 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2520 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2521 CVE STATUS: Patched CVE SUMMARY: It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2521 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2867 CVE STATUS: Patched CVE SUMMARY: libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2867 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2868 CVE STATUS: Patched CVE SUMMARY: libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2868 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2869 CVE STATUS: Patched CVE SUMMARY: libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2869 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2953 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2953 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-34266 CVE STATUS: Patched CVE SUMMARY: The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34266 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-34526 CVE STATUS: Patched CVE SUMMARY: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34526 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3570 CVE STATUS: Patched CVE SUMMARY: Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3570 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3597 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3597 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3598 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3598 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3599 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3599 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3626 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3626 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3627 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3627 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3970 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3970 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-40090 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40090 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-4645 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4645 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-48281 CVE STATUS: Patched CVE SUMMARY: processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48281 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0795 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0795 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0796 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0796 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0797 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0797 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0798 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0798 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0799 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0799 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0800 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0800 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0801 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0801 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0802 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0802 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0803 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0803 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0804 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0804 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-1916 CVE STATUS: Patched CVE SUMMARY: A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1916 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-25433 CVE STATUS: Patched CVE SUMMARY: libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25433 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-25434 CVE STATUS: Patched CVE SUMMARY: libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25434 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-25435 CVE STATUS: Patched CVE SUMMARY: libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25435 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-26965 CVE STATUS: Patched CVE SUMMARY: loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-26965 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-26966 CVE STATUS: Patched CVE SUMMARY: libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-26966 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-2731 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2731 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-2908 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2908 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-30086 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-30086 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-30774 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-30774 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-30775 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-30775 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-3164 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Issue only affects the tiffcrop tool not compiled by default since 4.6.0 CVE SUMMARY: A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3164 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-3316 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3316 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-3576 CVE STATUS: Patched CVE SUMMARY: A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3576 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-3618 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3618 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-40745 CVE STATUS: Patched CVE SUMMARY: LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40745 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-41175 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-41175 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-52355 CVE STATUS: Patched CVE SUMMARY: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-52355 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-52356 CVE STATUS: Patched CVE SUMMARY: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-52356 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-6228 CVE STATUS: Patched CVE SUMMARY: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6228 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-6277 CVE STATUS: Patched CVE SUMMARY: An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6277 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2024-7006 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-7006 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2005-2491 CVE STATUS: Patched CVE SUMMARY: Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2491 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2005-4872 CVE STATUS: Patched CVE SUMMARY: Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4872 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2006-7225 CVE STATUS: Patched CVE SUMMARY: Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7225 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2006-7227 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7227 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2006-7228 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7228 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2006-7230 CVE STATUS: Patched CVE SUMMARY: Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7230 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2007-1659 CVE STATUS: Patched CVE SUMMARY: Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1659 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2007-1660 CVE STATUS: Patched CVE SUMMARY: Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1660 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2007-1662 CVE STATUS: Patched CVE SUMMARY: Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1662 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2007-4766 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4766 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2007-4767 CVE STATUS: Patched CVE SUMMARY: Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4767 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2007-4768 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4768 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2008-0674 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0674 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2008-2371 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2371 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2014-8964 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8964 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2014-9769 CVE STATUS: Patched CVE SUMMARY: pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9769 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2015-2325 CVE STATUS: Patched CVE SUMMARY: The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2325 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2015-2326 CVE STATUS: Patched CVE SUMMARY: The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2326 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2015-2328 CVE STATUS: Patched CVE SUMMARY: PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2328 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2015-3210 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?Pc)(?Pa(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3210 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2015-3217 CVE STATUS: Patched CVE SUMMARY: PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3217 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2015-5073 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5073 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2015-8391 CVE STATUS: Patched CVE SUMMARY: The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8391 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2016-1283 CVE STATUS: Patched CVE SUMMARY: The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1283 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2016-3191 CVE STATUS: Patched CVE SUMMARY: The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3191 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2017-11164 CVE STATUS: Patched CVE SUMMARY: In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11164 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2017-16231 CVE STATUS: Patched CVE SUMMARY: In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16231 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2017-6004 CVE STATUS: Patched CVE SUMMARY: The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6004 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2017-7186 CVE STATUS: Patched CVE SUMMARY: libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7186 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2017-7244 CVE STATUS: Patched CVE SUMMARY: The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7244 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2017-7245 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7245 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2017-7246 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7246 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2019-20838 CVE STATUS: Patched CVE SUMMARY: libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20838 LAYER: meta PACKAGE NAME: libpcre PACKAGE VERSION: 8.45 CVE: CVE-2020-14155 CVE STATUS: Patched CVE SUMMARY: libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14155 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-3627 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3627 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-3628 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3628 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-3630 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3630 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-3631 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3631 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4330 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4330 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4331 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4331 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4332 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4332 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4333 CVE STATUS: Patched CVE SUMMARY: The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4333 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4574 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4574 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4805 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4805 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-5468 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5468 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-5469 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5469 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-5595 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5595 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-5740 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5740 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-0456 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0456 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-0457 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0457 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-0458 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0458 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-0459 CVE STATUS: Patched CVE SUMMARY: packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0459 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-3389 CVE STATUS: Patched CVE SUMMARY: Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3389 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-3390 CVE STATUS: Patched CVE SUMMARY: Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3390 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-3391 CVE STATUS: Patched CVE SUMMARY: Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3391 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-3392 CVE STATUS: Patched CVE SUMMARY: Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3392 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-3393 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3393 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6111 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6111 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6112 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6112 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6113 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6113 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6114 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6114 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6115 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6115 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6116 CVE STATUS: Patched CVE SUMMARY: The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6116 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6117 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6117 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6118 CVE STATUS: Patched CVE SUMMARY: The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6118 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6119 CVE STATUS: Patched CVE SUMMARY: The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6119 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6120 CVE STATUS: Patched CVE SUMMARY: The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6120 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6121 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6121 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6438 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6438 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6439 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6439 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6441 CVE STATUS: Patched CVE SUMMARY: The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6441 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6450 CVE STATUS: Patched CVE SUMMARY: The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6450 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6451 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6451 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1070 CVE STATUS: Patched CVE SUMMARY: The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1070 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1071 CVE STATUS: Patched CVE SUMMARY: The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1071 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1072 CVE STATUS: Patched CVE SUMMARY: The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1072 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1561 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1561 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1562 CVE STATUS: Patched CVE SUMMARY: The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1562 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1563 CVE STATUS: Patched CVE SUMMARY: The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1563 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3137 CVE STATUS: Patched CVE SUMMARY: The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3137 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3138 CVE STATUS: Patched CVE SUMMARY: The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3138 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3139 CVE STATUS: Patched CVE SUMMARY: The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3139 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3140 CVE STATUS: Patched CVE SUMMARY: The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3140 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3141 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3141 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3145 CVE STATUS: Patched CVE SUMMARY: The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3145 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3146 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3146 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3932 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3932 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3933 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3933 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3934 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3934 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4680 CVE STATUS: Patched CVE SUMMARY: packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4680 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4681 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4681 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4682 CVE STATUS: Patched CVE SUMMARY: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4682 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4683 CVE STATUS: Patched CVE SUMMARY: The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4683 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4684 CVE STATUS: Patched CVE SUMMARY: packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4684 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4685 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4685 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-5285 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5285 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-6472 CVE STATUS: Patched CVE SUMMARY: The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6472 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-0599 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0599 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-0600 CVE STATUS: Patched CVE SUMMARY: Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0600 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-0601 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0601 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1210 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1210 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1266 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1266 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1267 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1267 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1268 CVE STATUS: Patched CVE SUMMARY: The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1268 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1269 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1269 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1829 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1829 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-2559 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2559 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-2560 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2560 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-2561 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2561 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-2562 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2562 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-2563 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2563 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3241 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3241 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3242 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3242 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3243 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3243 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3549 CVE STATUS: Patched CVE SUMMARY: packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3549 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3550 CVE STATUS: Patched CVE SUMMARY: The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3550 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3551 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3551 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3829 CVE STATUS: Patched CVE SUMMARY: Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability." CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3829 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-4376 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4376 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-4377 CVE STATUS: Patched CVE SUMMARY: The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4377 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-4378 CVE STATUS: Patched CVE SUMMARY: The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4378 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-0304 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0304 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-1455 CVE STATUS: Patched CVE SUMMARY: The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1455 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2283 CVE STATUS: Patched CVE SUMMARY: The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2283 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2284 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2284 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2285 CVE STATUS: Patched CVE SUMMARY: The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2285 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2286 CVE STATUS: Patched CVE SUMMARY: The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2286 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2287 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2287 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2992 CVE STATUS: Patched CVE SUMMARY: packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2992 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2993 CVE STATUS: Patched CVE SUMMARY: The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2993 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2994 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2994 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2995 CVE STATUS: Patched CVE SUMMARY: The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2995 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-3133 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3133 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-3445 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3445 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-4300 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4300 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-4301 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4301 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-4538 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4538 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-0024 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0024 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-0444 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0444 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-0445 CVE STATUS: Patched CVE SUMMARY: The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0445 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-0538 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0538 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-0713 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0713 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1138 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1138 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1139 CVE STATUS: Patched CVE SUMMARY: wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1139 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1140 CVE STATUS: Patched CVE SUMMARY: Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1140 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1141 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1141 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1142 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1142 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1143 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1143 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1590 CVE STATUS: Patched CVE SUMMARY: The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1590 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1591 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1591 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1592 CVE STATUS: Patched CVE SUMMARY: The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1592 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1956 CVE STATUS: Patched CVE SUMMARY: The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1956 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1957 CVE STATUS: Patched CVE SUMMARY: The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1957 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1958 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1958 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1959 CVE STATUS: Patched CVE SUMMARY: The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1959 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-2174 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2174 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-2175 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2175 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-2597 CVE STATUS: Patched CVE SUMMARY: The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2597 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-2698 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2698 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-3266 CVE STATUS: Patched CVE SUMMARY: The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3266 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-3360 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3360 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-3482 CVE STATUS: Patched CVE SUMMARY: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3482 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-3483 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3483 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-3484 CVE STATUS: Patched CVE SUMMARY: The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3484 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-4100 CVE STATUS: Patched CVE SUMMARY: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4100 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-4101 CVE STATUS: Patched CVE SUMMARY: The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4101 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-4102 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4102 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0041 CVE STATUS: Patched CVE SUMMARY: The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0041 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0042 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0042 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0043 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0043 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0066 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0066 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0067 CVE STATUS: Patched CVE SUMMARY: wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0067 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0068 CVE STATUS: Patched CVE SUMMARY: The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0068 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-1593 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1593 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-1594 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1594 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-1595 CVE STATUS: Patched CVE SUMMARY: The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1595 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-1596 CVE STATUS: Patched CVE SUMMARY: The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1596 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-2392 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2392 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-2393 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2393 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-2394 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2394 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-3548 CVE STATUS: Patched CVE SUMMARY: The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3548 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-3825 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3825 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-3826 CVE STATUS: Patched CVE SUMMARY: Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3826 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4048 CVE STATUS: Patched CVE SUMMARY: The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4048 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4049 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4049 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4285 CVE STATUS: Patched CVE SUMMARY: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4285 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4286 CVE STATUS: Patched CVE SUMMARY: The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4286 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4287 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4287 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4288 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4288 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4289 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4289 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4290 CVE STATUS: Patched CVE SUMMARY: The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4290 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4291 CVE STATUS: Patched CVE SUMMARY: The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4291 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4292 CVE STATUS: Patched CVE SUMMARY: The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4292 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4293 CVE STATUS: Patched CVE SUMMARY: plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4293 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4294 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4294 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4295 CVE STATUS: Patched CVE SUMMARY: Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4295 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4296 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4296 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4297 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4297 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4298 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4298 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-5237 CVE STATUS: Patched CVE SUMMARY: The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5237 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-5238 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5238 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-5240 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5240 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6052 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6052 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6053 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6053 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6054 CVE STATUS: Patched CVE SUMMARY: The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6054 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6055 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6055 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6056 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6056 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6057 CVE STATUS: Patched CVE SUMMARY: The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6057 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6058 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6058 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6059 CVE STATUS: Patched CVE SUMMARY: The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6059 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6060 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6060 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6061 CVE STATUS: Patched CVE SUMMARY: The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6061 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6062 CVE STATUS: Patched CVE SUMMARY: The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6062 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1572 CVE STATUS: Patched CVE SUMMARY: The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1572 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1573 CVE STATUS: Patched CVE SUMMARY: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1573 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1574 CVE STATUS: Patched CVE SUMMARY: The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1574 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1575 CVE STATUS: Patched CVE SUMMARY: The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1575 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1576 CVE STATUS: Patched CVE SUMMARY: The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1576 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1577 CVE STATUS: Patched CVE SUMMARY: The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1577 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1578 CVE STATUS: Patched CVE SUMMARY: The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1578 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1579 CVE STATUS: Patched CVE SUMMARY: The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1579 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1580 CVE STATUS: Patched CVE SUMMARY: The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1580 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1581 CVE STATUS: Patched CVE SUMMARY: The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1581 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1582 CVE STATUS: Patched CVE SUMMARY: The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1582 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1583 CVE STATUS: Patched CVE SUMMARY: The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1583 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1584 CVE STATUS: Patched CVE SUMMARY: The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1584 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1585 CVE STATUS: Patched CVE SUMMARY: epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1585 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1586 CVE STATUS: Patched CVE SUMMARY: The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1586 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1587 CVE STATUS: Patched CVE SUMMARY: The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1587 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1588 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1588 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1589 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1589 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1590 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1590 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2475 CVE STATUS: Patched CVE SUMMARY: The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2475 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2476 CVE STATUS: Patched CVE SUMMARY: The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2476 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2477 CVE STATUS: Patched CVE SUMMARY: The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2477 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2478 CVE STATUS: Patched CVE SUMMARY: The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2478 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2479 CVE STATUS: Patched CVE SUMMARY: The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2479 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2480 CVE STATUS: Patched CVE SUMMARY: The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2480 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2481 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2481 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2482 CVE STATUS: Patched CVE SUMMARY: The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2482 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2483 CVE STATUS: Patched CVE SUMMARY: The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2483 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2484 CVE STATUS: Patched CVE SUMMARY: The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2484 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2485 CVE STATUS: Patched CVE SUMMARY: The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2485 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2486 CVE STATUS: Patched CVE SUMMARY: The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2486 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2487 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2487 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2488 CVE STATUS: Patched CVE SUMMARY: The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2488 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3555 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3555 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3556 CVE STATUS: Patched CVE SUMMARY: The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3556 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3557 CVE STATUS: Patched CVE SUMMARY: The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3557 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3558 CVE STATUS: Patched CVE SUMMARY: The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3558 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3559 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3559 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3560 CVE STATUS: Patched CVE SUMMARY: The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3560 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3561 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3561 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3562 CVE STATUS: Patched CVE SUMMARY: Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3562 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4074 CVE STATUS: Patched CVE SUMMARY: The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4074 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4075 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4075 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4076 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4076 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4077 CVE STATUS: Patched CVE SUMMARY: Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4077 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4078 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4078 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4079 CVE STATUS: Patched CVE SUMMARY: The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4079 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4080 CVE STATUS: Patched CVE SUMMARY: The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4080 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4081 CVE STATUS: Patched CVE SUMMARY: The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4081 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4082 CVE STATUS: Patched CVE SUMMARY: The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4082 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4083 CVE STATUS: Patched CVE SUMMARY: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4083 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4920 CVE STATUS: Patched CVE SUMMARY: The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4920 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4921 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4921 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4922 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4922 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4923 CVE STATUS: Patched CVE SUMMARY: Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4923 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4924 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4924 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4925 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4925 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4926 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4926 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4927 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4927 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4928 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4928 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4929 CVE STATUS: Patched CVE SUMMARY: The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4929 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4930 CVE STATUS: Patched CVE SUMMARY: The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4930 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4931 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4931 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4932 CVE STATUS: Patched CVE SUMMARY: Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4932 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4933 CVE STATUS: Patched CVE SUMMARY: The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4933 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4934 CVE STATUS: Patched CVE SUMMARY: The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4934 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4935 CVE STATUS: Patched CVE SUMMARY: The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4935 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4936 CVE STATUS: Patched CVE SUMMARY: The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4936 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5717 CVE STATUS: Patched CVE SUMMARY: The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5717 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5718 CVE STATUS: Patched CVE SUMMARY: The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5718 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5719 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5719 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5720 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5720 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5721 CVE STATUS: Patched CVE SUMMARY: The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5721 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5722 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5722 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-6336 CVE STATUS: Patched CVE SUMMARY: The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6336 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-6337 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6337 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-6338 CVE STATUS: Patched CVE SUMMARY: The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6338 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-6339 CVE STATUS: Patched CVE SUMMARY: The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6339 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-6340 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6340 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-7112 CVE STATUS: Patched CVE SUMMARY: The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7112 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-7113 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7113 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-7114 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7114 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-2281 CVE STATUS: Patched CVE SUMMARY: The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2281 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-2282 CVE STATUS: Patched CVE SUMMARY: The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2282 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-2283 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2283 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-2299 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2299 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-2907 CVE STATUS: Patched CVE SUMMARY: The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2907 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-4020 CVE STATUS: Patched CVE SUMMARY: The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4020 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-4174 CVE STATUS: Patched CVE SUMMARY: wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4174 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-5161 CVE STATUS: Patched CVE SUMMARY: The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5161 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-5162 CVE STATUS: Patched CVE SUMMARY: The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5162 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-5163 CVE STATUS: Patched CVE SUMMARY: The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5163 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-5164 CVE STATUS: Patched CVE SUMMARY: The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5164 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-5165 CVE STATUS: Patched CVE SUMMARY: The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5165 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6421 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6421 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6422 CVE STATUS: Patched CVE SUMMARY: The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6422 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6423 CVE STATUS: Patched CVE SUMMARY: The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6423 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6424 CVE STATUS: Patched CVE SUMMARY: The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6424 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6425 CVE STATUS: Patched CVE SUMMARY: The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6425 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6426 CVE STATUS: Patched CVE SUMMARY: The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6426 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6427 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6427 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6428 CVE STATUS: Patched CVE SUMMARY: The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6428 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6429 CVE STATUS: Patched CVE SUMMARY: The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6429 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6430 CVE STATUS: Patched CVE SUMMARY: The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6430 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6431 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6431 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6432 CVE STATUS: Patched CVE SUMMARY: The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6432 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-8710 CVE STATUS: Patched CVE SUMMARY: The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8710 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-8711 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8711 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-8712 CVE STATUS: Patched CVE SUMMARY: The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8712 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-8713 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8713 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-8714 CVE STATUS: Patched CVE SUMMARY: The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8714 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0559 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0559 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0560 CVE STATUS: Patched CVE SUMMARY: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0560 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0561 CVE STATUS: Patched CVE SUMMARY: asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0561 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0562 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0562 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0563 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0563 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0564 CVE STATUS: Patched CVE SUMMARY: Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0564 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2187 CVE STATUS: Patched CVE SUMMARY: The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2187 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2188 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2188 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2189 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2189 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2190 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2190 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2191 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2191 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2192 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2192 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3182 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3182 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3808 CVE STATUS: Patched CVE SUMMARY: The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3808 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3809 CVE STATUS: Patched CVE SUMMARY: The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3809 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3810 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3810 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3811 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3811 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3812 CVE STATUS: Patched CVE SUMMARY: Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3812 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3813 CVE STATUS: Patched CVE SUMMARY: The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3813 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3814 CVE STATUS: Patched CVE SUMMARY: The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3814 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3815 CVE STATUS: Patched CVE SUMMARY: The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3815 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3906 CVE STATUS: Patched CVE SUMMARY: The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3906 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-4651 CVE STATUS: Patched CVE SUMMARY: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4651 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-4652 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4652 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6241 CVE STATUS: Patched CVE SUMMARY: The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6241 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6242 CVE STATUS: Patched CVE SUMMARY: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6242 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6243 CVE STATUS: Patched CVE SUMMARY: The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6243 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6244 CVE STATUS: Patched CVE SUMMARY: The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6244 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6245 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6245 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6246 CVE STATUS: Patched CVE SUMMARY: The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6246 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6247 CVE STATUS: Patched CVE SUMMARY: The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6247 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6248 CVE STATUS: Patched CVE SUMMARY: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6248 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6249 CVE STATUS: Patched CVE SUMMARY: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6249 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-7830 CVE STATUS: Patched CVE SUMMARY: The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7830 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8711 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8711 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8712 CVE STATUS: Patched CVE SUMMARY: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8712 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8713 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8713 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8714 CVE STATUS: Patched CVE SUMMARY: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8714 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8715 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8715 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8716 CVE STATUS: Patched CVE SUMMARY: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8716 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8717 CVE STATUS: Patched CVE SUMMARY: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8717 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8718 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8718 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8719 CVE STATUS: Patched CVE SUMMARY: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8719 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8720 CVE STATUS: Patched CVE SUMMARY: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8720 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8721 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8721 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8722 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8722 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8723 CVE STATUS: Patched CVE SUMMARY: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8723 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8724 CVE STATUS: Patched CVE SUMMARY: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8724 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8725 CVE STATUS: Patched CVE SUMMARY: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8725 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8726 CVE STATUS: Patched CVE SUMMARY: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8726 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8727 CVE STATUS: Patched CVE SUMMARY: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8727 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8728 CVE STATUS: Patched CVE SUMMARY: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8728 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8729 CVE STATUS: Patched CVE SUMMARY: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8729 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8730 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8730 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8731 CVE STATUS: Patched CVE SUMMARY: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8731 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8732 CVE STATUS: Patched CVE SUMMARY: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8732 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8733 CVE STATUS: Patched CVE SUMMARY: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8733 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8734 CVE STATUS: Patched CVE SUMMARY: The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8734 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8735 CVE STATUS: Patched CVE SUMMARY: The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8735 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8736 CVE STATUS: Patched CVE SUMMARY: The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8736 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8737 CVE STATUS: Patched CVE SUMMARY: The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8737 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8738 CVE STATUS: Patched CVE SUMMARY: The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8738 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8739 CVE STATUS: Patched CVE SUMMARY: The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8739 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8740 CVE STATUS: Patched CVE SUMMARY: The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8740 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8741 CVE STATUS: Patched CVE SUMMARY: The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8741 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-8742 CVE STATUS: Patched CVE SUMMARY: The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8742 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2521 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2521 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2522 CVE STATUS: Patched CVE SUMMARY: The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2522 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2523 CVE STATUS: Patched CVE SUMMARY: The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2523 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2524 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2524 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2525 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2525 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2526 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2526 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2527 CVE STATUS: Patched CVE SUMMARY: wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2527 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2528 CVE STATUS: Patched CVE SUMMARY: The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2528 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2529 CVE STATUS: Patched CVE SUMMARY: The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2529 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2530 CVE STATUS: Patched CVE SUMMARY: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2530 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2531 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2531 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-2532 CVE STATUS: Patched CVE SUMMARY: The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2532 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4006 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4006 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4076 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4076 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4077 CVE STATUS: Patched CVE SUMMARY: epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4077 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4078 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4078 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4079 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4079 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4080 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4080 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4081 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4081 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4082 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4082 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4083 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4083 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4084 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4084 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4085 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4085 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4415 CVE STATUS: Patched CVE SUMMARY: wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4415 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4416 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4416 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4417 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4417 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4418 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4418 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4419 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4419 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4420 CVE STATUS: Patched CVE SUMMARY: The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4420 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4421 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4421 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5350 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5350 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5351 CVE STATUS: Patched CVE SUMMARY: epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5351 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5352 CVE STATUS: Patched CVE SUMMARY: epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5352 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5353 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5353 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5354 CVE STATUS: Patched CVE SUMMARY: The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5354 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5355 CVE STATUS: Patched CVE SUMMARY: wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5355 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5356 CVE STATUS: Patched CVE SUMMARY: wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5356 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5357 CVE STATUS: Patched CVE SUMMARY: wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5357 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5358 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5358 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5359 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5359 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6503 CVE STATUS: Patched CVE SUMMARY: The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6503 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6504 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6504 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6505 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6505 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6506 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6506 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6507 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6507 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6508 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6508 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6509 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6509 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6510 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6510 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6511 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6511 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6512 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6512 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6513 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6513 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7175 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7175 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7176 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7176 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7177 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7177 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7178 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7178 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7179 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7179 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7180 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7180 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7957 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7957 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7958 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7958 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-9372 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9372 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-9373 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9373 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-9374 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9374 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-9375 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9375 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-9376 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9376 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11406 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11406 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11407 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11407 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11408 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11408 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11409 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11409 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11410 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11410 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11411 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11411 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-13764 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13764 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-13765 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13765 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-13766 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13766 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-13767 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13767 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-15189 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15189 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-15190 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15190 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-15191 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15191 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-15192 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15192 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-15193 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15193 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-17083 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17083 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-17084 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17084 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-17085 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17085 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-17935 CVE STATUS: Patched CVE SUMMARY: The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17935 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-17997 CVE STATUS: Patched CVE SUMMARY: In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17997 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-5596 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5596 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-5597 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5597 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6014 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6014 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6467 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6467 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6468 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6468 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6469 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6469 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6470 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6470 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6471 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6471 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6472 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6472 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6473 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6473 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6474 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6474 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7700 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7700 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7701 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7701 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7702 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7702 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7703 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7703 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7704 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7704 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7705 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7705 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7745 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7745 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7746 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7746 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7747 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7747 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7748 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7748 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9343 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9343 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9344 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9344 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9345 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9345 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9346 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9346 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9347 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9347 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9348 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9348 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9349 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9349 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9350 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9350 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9351 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9351 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9352 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9352 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9353 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9353 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9354 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9354 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9616 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9616 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9617 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9617 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9766 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9766 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11354 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11354 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11355 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11355 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11356 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11356 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11357 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11357 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11358 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11358 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11359 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11359 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11360 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11360 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11361 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11361 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11362 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11362 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14339 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14339 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14340 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14340 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14341 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14341 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14342 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14342 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14343 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14343 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14344 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14344 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14367 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14367 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14368 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14368 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14369 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14369 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14370 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14370 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14438 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14438 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-16056 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16056 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-16057 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16057 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-16058 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16058 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-18225 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18225 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-18226 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18226 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-18227 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18227 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19622 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19622 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19623 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19623 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19624 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19624 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19625 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19625 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19626 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19626 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19627 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19627 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19628 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19628 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-5334 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5334 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-5335 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5335 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-5336 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5336 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-6836 CVE STATUS: Patched CVE SUMMARY: The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6836 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7320 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7320 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7321 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7321 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7322 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7322 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7323 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7323 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7324 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7324 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7325 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7325 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7326 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7326 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7327 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7327 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7328 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7328 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7329 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7329 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7330 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7330 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7331 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7331 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7332 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7332 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7333 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7333 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7334 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7334 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7335 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7335 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7336 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7336 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7337 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7337 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7417 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7417 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7418 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7418 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7419 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7419 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7420 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7420 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7421 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7421 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9256 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9256 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9257 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9257 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9258 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9258 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9259 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9259 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9260 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9260 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9261 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9261 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9262 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9262 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9263 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9263 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9264 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9264 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9265 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9265 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9266 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9266 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9267 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9267 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9268 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9268 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9269 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9269 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9270 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9270 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9271 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9271 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9272 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9272 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9273 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9273 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9274 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9274 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10894 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10894 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10895 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10895 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10896 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10896 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10897 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10897 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10898 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10898 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10899 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10899 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10900 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10900 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10901 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10901 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10902 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10902 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10903 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10903 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-12295 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12295 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-13619 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13619 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-16319 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16319 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-19553 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19553 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-5716 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5716 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-5717 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5717 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-5718 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5718 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-5719 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5719 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-5721 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5721 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-9208 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9208 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-9209 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9209 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-9214 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9214 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-11647 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11647 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-13164 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13164 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-15466 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15466 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-17498 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17498 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-25862 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25862 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-25863 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25863 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-25866 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25866 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26418 CVE STATUS: Patched CVE SUMMARY: Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26418 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26419 CVE STATUS: Patched CVE SUMMARY: Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26419 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26420 CVE STATUS: Patched CVE SUMMARY: Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26420 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26421 CVE STATUS: Patched CVE SUMMARY: Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 4.2 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26421 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26422 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26422 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26575 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26575 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-28030 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28030 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-7044 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7044 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-7045 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7045 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-9428 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9428 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-9429 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9429 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-9430 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9430 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-9431 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9431 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22173 CVE STATUS: Patched CVE SUMMARY: Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22173 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22174 CVE STATUS: Patched CVE SUMMARY: Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22174 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22191 CVE STATUS: Patched CVE SUMMARY: Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22191 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22207 CVE STATUS: Patched CVE SUMMARY: Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22207 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22222 CVE STATUS: Patched CVE SUMMARY: Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22222 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22235 CVE STATUS: Patched CVE SUMMARY: Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22235 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39920 CVE STATUS: Patched CVE SUMMARY: NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39920 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39921 CVE STATUS: Patched CVE SUMMARY: NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39921 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39922 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39922 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39923 CVE STATUS: Patched CVE SUMMARY: Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39923 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39924 CVE STATUS: Patched CVE SUMMARY: Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39924 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39925 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39925 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39926 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39926 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39928 CVE STATUS: Patched CVE SUMMARY: NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39928 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39929 CVE STATUS: Patched CVE SUMMARY: Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39929 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4181 CVE STATUS: Patched CVE SUMMARY: Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4181 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4182 CVE STATUS: Patched CVE SUMMARY: Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4182 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4183 CVE STATUS: Patched CVE SUMMARY: Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4183 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4184 CVE STATUS: Patched CVE SUMMARY: Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4184 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4185 CVE STATUS: Patched CVE SUMMARY: Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4185 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4186 CVE STATUS: Patched CVE SUMMARY: Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4186 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4190 CVE STATUS: Patched CVE SUMMARY: Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4190 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-0581 CVE STATUS: Patched CVE SUMMARY: Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0581 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-0582 CVE STATUS: Patched CVE SUMMARY: Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0582 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-0583 CVE STATUS: Patched CVE SUMMARY: Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0583 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-0585 CVE STATUS: Patched CVE SUMMARY: Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0585 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-0586 CVE STATUS: Patched CVE SUMMARY: Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0586 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-3190 CVE STATUS: Patched CVE SUMMARY: Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3190 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-3724 CVE STATUS: Patched CVE SUMMARY: Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3724 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-3725 CVE STATUS: Patched CVE SUMMARY: Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3725 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-4344 CVE STATUS: Patched CVE SUMMARY: Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4344 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-4345 CVE STATUS: Patched CVE SUMMARY: Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4345 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0411 CVE STATUS: Patched CVE SUMMARY: Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0411 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0412 CVE STATUS: Patched CVE SUMMARY: TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0412 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0413 CVE STATUS: Patched CVE SUMMARY: Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0413 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0414 CVE STATUS: Patched CVE SUMMARY: Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0414 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0415 CVE STATUS: Patched CVE SUMMARY: iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0415 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0416 CVE STATUS: Patched CVE SUMMARY: GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0416 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0417 CVE STATUS: Patched CVE SUMMARY: Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0417 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0666 CVE STATUS: Patched CVE SUMMARY: Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0666 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0667 CVE STATUS: Patched CVE SUMMARY: Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0667 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0668 CVE STATUS: Patched CVE SUMMARY: Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0668 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-1161 CVE STATUS: Patched CVE SUMMARY: ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1161 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-1992 CVE STATUS: Patched CVE SUMMARY: RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1992 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-1993 CVE STATUS: Patched CVE SUMMARY: LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1993 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-1994 CVE STATUS: Patched CVE SUMMARY: GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1994 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2854 CVE STATUS: Patched CVE SUMMARY: BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2854 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2855 CVE STATUS: Patched CVE SUMMARY: Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2855 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2856 CVE STATUS: Patched CVE SUMMARY: VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2856 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2857 CVE STATUS: Patched CVE SUMMARY: BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2857 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2858 CVE STATUS: Patched CVE SUMMARY: NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2858 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2879 CVE STATUS: Patched CVE SUMMARY: GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2879 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2906 CVE STATUS: Patched CVE SUMMARY: Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2906 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2952 CVE STATUS: Patched CVE SUMMARY: XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2952 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-3648 CVE STATUS: Patched CVE SUMMARY: Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3648 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-3649 CVE STATUS: Patched CVE SUMMARY: iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3649 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-4511 CVE STATUS: Patched CVE SUMMARY: BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4511 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-4512 CVE STATUS: Patched CVE SUMMARY: CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4512 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-4513 CVE STATUS: Patched CVE SUMMARY: BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4513 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-5371 CVE STATUS: Patched CVE SUMMARY: RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5371 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-6174 CVE STATUS: Patched CVE SUMMARY: SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6174 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-6175 CVE STATUS: Patched CVE SUMMARY: NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6175 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-0207 CVE STATUS: Patched CVE SUMMARY: HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0207 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-0208 CVE STATUS: Patched CVE SUMMARY: GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0208 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-0209 CVE STATUS: Patched CVE SUMMARY: IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0209 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-0210 CVE STATUS: Patched CVE SUMMARY: Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0210 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-0211 CVE STATUS: Patched CVE SUMMARY: DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0211 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-11595 CVE STATUS: Unpatched CVE SUMMARY: FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-11595 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-11596 CVE STATUS: Unpatched CVE SUMMARY: ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-11596 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-24476 CVE STATUS: Patched CVE SUMMARY: A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-24476 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-24478 CVE STATUS: Patched CVE SUMMARY: An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-24478 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-24479 CVE STATUS: Patched CVE SUMMARY: A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-24479 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-4854 CVE STATUS: Patched CVE SUMMARY: MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-4854 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-8250 CVE STATUS: Patched CVE SUMMARY: NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-8250 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-8645 CVE STATUS: Patched CVE SUMMARY: SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-8645 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-9780 CVE STATUS: Patched CVE SUMMARY: ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-9780 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-9781 CVE STATUS: Patched CVE SUMMARY: AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-9781 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2025-1492 CVE STATUS: Unpatched CVE SUMMARY: Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1492 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2007-4770 CVE STATUS: Patched CVE SUMMARY: libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4770 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2007-4771 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4771 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2011-4599 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4599 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-7923 CVE STATUS: Patched CVE SUMMARY: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7923 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-7926 CVE STATUS: Patched CVE SUMMARY: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7926 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-7940 CVE STATUS: Patched CVE SUMMARY: The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7940 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-8146 CVE STATUS: Patched CVE SUMMARY: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8146 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-8147 CVE STATUS: Patched CVE SUMMARY: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8147 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-9654 CVE STATUS: Patched CVE SUMMARY: The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9654 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-9911 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9911 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2015-5922 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5922 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2016-6293 CVE STATUS: Patched CVE SUMMARY: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6293 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2016-7415 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7415 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-14952 CVE STATUS: Patched CVE SUMMARY: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14952 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-15396 CVE STATUS: Patched CVE SUMMARY: A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15396 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-15422 CVE STATUS: Patched CVE SUMMARY: Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15422 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-17484 CVE STATUS: Patched CVE SUMMARY: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17484 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-7867 CVE STATUS: Patched CVE SUMMARY: International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7867 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-7868 CVE STATUS: Patched CVE SUMMARY: International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7868 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2018-18928 CVE STATUS: Patched CVE SUMMARY: International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18928 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2020-10531 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10531 LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2020-21913 CVE STATUS: Patched CVE SUMMARY: International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21913 LAYER: meta PACKAGE NAME: bison PACKAGE VERSION: 3.8.2 CVE: CVE-2020-14150 CVE STATUS: Patched CVE SUMMARY: GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14150 LAYER: meta PACKAGE NAME: bison PACKAGE VERSION: 3.8.2 CVE: CVE-2020-24240 CVE STATUS: Patched CVE SUMMARY: GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24240 LAYER: meta-oe PACKAGE NAME: dhrystone PACKAGE VERSION: 2.1 CVE: CVE-2020-23026 CVE STATUS: Unpatched CVE SUMMARY: A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-23026 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-1999-0402 CVE STATUS: Patched CVE SUMMARY: wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0402 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2002-1344 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1344 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2004-1487 CVE STATUS: Patched CVE SUMMARY: wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1487 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2004-1488 CVE STATUS: Patched CVE SUMMARY: wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1488 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2004-2014 CVE STATUS: Patched CVE SUMMARY: Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2014 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2005-3185 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3185 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2006-6719 CVE STATUS: Patched CVE SUMMARY: The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6719 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2009-3490 CVE STATUS: Patched CVE SUMMARY: GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3490 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2010-2252 CVE STATUS: Patched CVE SUMMARY: GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2252 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2014-4877 CVE STATUS: Patched CVE SUMMARY: Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4877 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2016-4971 CVE STATUS: Patched CVE SUMMARY: GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4971 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2016-7098 CVE STATUS: Patched CVE SUMMARY: Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7098 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2017-13089 CVE STATUS: Patched CVE SUMMARY: The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13089 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2017-13090 CVE STATUS: Patched CVE SUMMARY: The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13090 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2017-6508 CVE STATUS: Patched CVE SUMMARY: CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6508 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2018-0494 CVE STATUS: Patched CVE SUMMARY: GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0494 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2018-20483 CVE STATUS: Patched CVE SUMMARY: set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20483 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2019-5953 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5953 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2021-31879 CVE STATUS: Patched CVE SUMMARY: GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31879 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2024-10524 CVE STATUS: Patched CVE SUMMARY: Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-10524 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2024-38428 CVE STATUS: Patched CVE SUMMARY: url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-38428 LAYER: meta PACKAGE NAME: findutils PACKAGE VERSION: 4.9.0 CVE: CVE-2001-1036 CVE STATUS: Patched CVE SUMMARY: GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1036 LAYER: meta PACKAGE NAME: findutils PACKAGE VERSION: 4.9.0 CVE: CVE-2007-2452 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2452 LAYER: meta PACKAGE NAME: libmicrohttpd PACKAGE VERSION: 1.0.1 CVE: CVE-2013-7038 CVE STATUS: Patched CVE SUMMARY: The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7038 LAYER: meta PACKAGE NAME: libmicrohttpd PACKAGE VERSION: 1.0.1 CVE: CVE-2013-7039 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7039 LAYER: meta PACKAGE NAME: libmicrohttpd PACKAGE VERSION: 1.0.1 CVE: CVE-2021-3466 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3466 LAYER: meta PACKAGE NAME: libmicrohttpd PACKAGE VERSION: 1.0.1 CVE: CVE-2023-27371 CVE STATUS: Patched CVE SUMMARY: GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27371 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2020-15157 CVE STATUS: Patched CVE SUMMARY: In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15157 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2020-15257 CVE STATUS: Patched CVE SUMMARY: containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 5.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15257 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2021-21334 CVE STATUS: Patched CVE SUMMARY: In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21334 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2021-32760 CVE STATUS: Patched CVE SUMMARY: containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32760 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2021-41103 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41103 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2021-43816 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 8.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43816 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2022-23471 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23471 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2022-23648 CVE STATUS: Patched CVE SUMMARY: containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23648 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2022-31030 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-31030 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2023-25153 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25153 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2023-25173 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25173 LAYER: meta PACKAGE NAME: python3-certifi PACKAGE VERSION: 2024.2.2 CVE: CVE-2024-39689 CVE STATUS: Patched CVE SUMMARY: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues." CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39689 LAYER: meta PACKAGE NAME: libdnf PACKAGE VERSION: 0.73.2 CVE: CVE-2021-3445 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3445 LAYER: meta PACKAGE NAME: x11perf PACKAGE VERSION: 1_1.6.1 CVE: CVE-2011-2504 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2504 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2015-9099 CVE STATUS: Patched CVE SUMMARY: The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9099 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2015-9100 CVE STATUS: Patched CVE SUMMARY: The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9100 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2015-9101 CVE STATUS: Patched CVE SUMMARY: The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9101 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-11720 CVE STATUS: Patched CVE SUMMARY: There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11720 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-13712 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13712 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-15018 CVE STATUS: Patched CVE SUMMARY: LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15018 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-15019 CVE STATUS: Patched CVE SUMMARY: LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15019 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-15045 CVE STATUS: Patched CVE SUMMARY: LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15045 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-15046 CVE STATUS: Patched CVE SUMMARY: LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15046 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-8419 CVE STATUS: Patched CVE SUMMARY: LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8419 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-9412 CVE STATUS: Patched CVE SUMMARY: The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9412 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-9869 CVE STATUS: Patched CVE SUMMARY: The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9869 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-9870 CVE STATUS: Patched CVE SUMMARY: The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9870 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-9871 CVE STATUS: Patched CVE SUMMARY: The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9871 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-9872 CVE STATUS: Patched CVE SUMMARY: The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9872 LAYER: meta-python PACKAGE NAME: python3-twisted PACKAGE VERSION: 24.3.0 CVE: CVE-2024-41671 CVE STATUS: Patched CVE SUMMARY: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-41671 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2004-0657 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0657 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2009-0021 CVE STATUS: Patched CVE SUMMARY: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0021 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2009-0159 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0159 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2009-1252 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1252 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2009-3563 CVE STATUS: Patched CVE SUMMARY: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3563 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2013-5211 CVE STATUS: Patched CVE SUMMARY: The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5211 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2014-5209 CVE STATUS: Patched CVE SUMMARY: An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5209 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2014-9293 CVE STATUS: Patched CVE SUMMARY: The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9293 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2014-9294 CVE STATUS: Patched CVE SUMMARY: util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9294 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2014-9295 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9295 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2014-9296 CVE STATUS: Patched CVE SUMMARY: The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9296 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2014-9750 CVE STATUS: Patched CVE SUMMARY: ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9750 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2014-9751 CVE STATUS: Patched CVE SUMMARY: The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9751 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-1798 CVE STATUS: Patched CVE SUMMARY: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. CVSS v2 BASE SCORE: 1.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1798 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-1799 CVE STATUS: Patched CVE SUMMARY: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1799 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-3405 CVE STATUS: Patched CVE SUMMARY: ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3405 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-5146 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5146 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-5194 CVE STATUS: Patched CVE SUMMARY: The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5194 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-5195 CVE STATUS: Patched CVE SUMMARY: ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5195 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-5219 CVE STATUS: Patched CVE SUMMARY: The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5219 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-5300 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5300 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7691 CVE STATUS: Patched CVE SUMMARY: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7691 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7692 CVE STATUS: Patched CVE SUMMARY: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7692 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7701 CVE STATUS: Patched CVE SUMMARY: Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7701 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7702 CVE STATUS: Patched CVE SUMMARY: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7702 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7703 CVE STATUS: Patched CVE SUMMARY: The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7703 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7704 CVE STATUS: Patched CVE SUMMARY: The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7704 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7705 CVE STATUS: Patched CVE SUMMARY: The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7705 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7849 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7849 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7850 CVE STATUS: Patched CVE SUMMARY: ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7850 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7851 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7851 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7852 CVE STATUS: Patched CVE SUMMARY: ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7852 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7853 CVE STATUS: Patched CVE SUMMARY: The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7853 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7854 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7854 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7855 CVE STATUS: Patched CVE SUMMARY: The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7855 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7871 CVE STATUS: Patched CVE SUMMARY: Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7871 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7973 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7973 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7974 CVE STATUS: Patched CVE SUMMARY: NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 7.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7974 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7975 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7975 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7976 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7976 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7977 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7977 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7978 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7978 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-7979 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7979 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-8138 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8138 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-8139 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8139 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-8140 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 4.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8140 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2015-8158 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8158 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-1547 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1547 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-1548 CVE STATUS: Patched CVE SUMMARY: An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 7.2 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1548 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-1549 CVE STATUS: Patched CVE SUMMARY: A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1549 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-1550 CVE STATUS: Patched CVE SUMMARY: An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1550 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-1551 CVE STATUS: Patched CVE SUMMARY: ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1551 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-2516 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2516 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-2517 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:S/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2517 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-2518 CVE STATUS: Patched CVE SUMMARY: The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2518 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-2519 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:S/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2519 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-4953 CVE STATUS: Patched CVE SUMMARY: ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4953 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-4954 CVE STATUS: Patched CVE SUMMARY: The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4954 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-4955 CVE STATUS: Patched CVE SUMMARY: ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4955 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-4956 CVE STATUS: Patched CVE SUMMARY: ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4956 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-4957 CVE STATUS: Patched CVE SUMMARY: ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4957 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7426 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7426 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7427 CVE STATUS: Patched CVE SUMMARY: The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7427 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7428 CVE STATUS: Patched CVE SUMMARY: ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7428 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7429 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7429 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7431 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7431 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7433 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7433 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7434 CVE STATUS: Patched CVE SUMMARY: The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7434 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-9042 CVE STATUS: Patched CVE SUMMARY: An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9042 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-9310 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9310 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-9311 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9311 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-9312 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9312 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6451 CVE STATUS: Patched CVE SUMMARY: The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6451 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6452 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6452 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6455 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6455 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6458 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6458 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6459 CVE STATUS: Patched CVE SUMMARY: The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6459 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6460 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6460 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6462 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6462 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6463 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6463 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6464 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6464 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-12327 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12327 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-7170 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7170 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-7182 CVE STATUS: Patched CVE SUMMARY: The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7182 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-7183 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7183 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-7184 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7184 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-7185 CVE STATUS: Patched CVE SUMMARY: The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7185 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-8956 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8956 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2019-11331 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: inherent to RFC 5905 and cannot be fixed without breaking compatibility CVE SUMMARY: Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11331 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2019-8936 CVE STATUS: Patched CVE SUMMARY: NTP through 4.2.8p12 has a NULL Pointer Dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8936 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2020-11868 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11868 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2020-13817 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13817 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2020-15025 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15025 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2023-26551 CVE STATUS: Patched CVE SUMMARY: mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpself_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29385 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2021-20240 CVE STATUS: Patched CVE SUMMARY: A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20240 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2021-46829 CVE STATUS: Patched CVE SUMMARY: GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46829 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2005-0664 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0664 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2006-4168 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4168 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2007-2645 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2645 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2007-6351 CVE STATUS: Patched CVE SUMMARY: libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6351 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2007-6352 CVE STATUS: Patched CVE SUMMARY: Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6352 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2009-3895 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3895 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2812 CVE STATUS: Patched CVE SUMMARY: The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2812 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2813 CVE STATUS: Patched CVE SUMMARY: The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2813 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2814 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2814 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2836 CVE STATUS: Patched CVE SUMMARY: The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2836 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2837 CVE STATUS: Patched CVE SUMMARY: The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2837 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2840 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2840 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2841 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2841 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2016-6328 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6328 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2017-7544 CVE STATUS: Patched CVE SUMMARY: libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7544 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2018-20030 CVE STATUS: Patched CVE SUMMARY: An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20030 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-0093 CVE STATUS: Patched CVE SUMMARY: In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0093 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-0181 CVE STATUS: Patched CVE SUMMARY: In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0181 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-0198 CVE STATUS: Patched CVE SUMMARY: In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0198 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-12767 CVE STATUS: Patched CVE SUMMARY: exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12767 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-13112 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13112 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-13113 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13113 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-13114 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13114 LAYER: meta-oe PACKAGE NAME: libopus PACKAGE VERSION: 1.5.2 CVE: CVE-2013-0899 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0899 LAYER: meta PACKAGE NAME: kexec-tools PACKAGE VERSION: 2.0.28 CVE: CVE-2011-3588 CVE STATUS: Patched CVE SUMMARY: The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key. CVSS v2 BASE SCORE: 5.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3588 LAYER: meta PACKAGE NAME: kexec-tools PACKAGE VERSION: 2.0.28 CVE: CVE-2011-3589 CVE STATUS: Patched CVE SUMMARY: The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key. CVSS v2 BASE SCORE: 5.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3589 LAYER: meta PACKAGE NAME: kexec-tools PACKAGE VERSION: 2.0.28 CVE: CVE-2011-3590 CVE STATUS: Patched CVE SUMMARY: The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content. CVSS v2 BASE SCORE: 5.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3590 LAYER: meta PACKAGE NAME: kexec-tools PACKAGE VERSION: 2.0.28 CVE: CVE-2015-0267 CVE STATUS: Patched CVE SUMMARY: The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0267 LAYER: meta PACKAGE NAME: kexec-tools PACKAGE VERSION: 2.0.28 CVE: CVE-2021-20269 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20269 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2006-4447 CVE STATUS: Patched CVE SUMMARY: X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4447 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2007-4730 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4730 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2007-6427 CVE STATUS: Patched CVE SUMMARY: The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6427 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2011-4028 CVE STATUS: Patched CVE SUMMARY: The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4028 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2011-4029 CVE STATUS: Patched CVE SUMMARY: The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4029 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2011-4613 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: This is specific to Debian's xserver-wrapper.c CVE SUMMARY: The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4613 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8091 CVE STATUS: Patched CVE SUMMARY: X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8091 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8092 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8092 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8093 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8093 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8094 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8094 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8095 CVE STATUS: Patched CVE SUMMARY: The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8095 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8096 CVE STATUS: Patched CVE SUMMARY: The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8096 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8097 CVE STATUS: Patched CVE SUMMARY: The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8097 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8098 CVE STATUS: Patched CVE SUMMARY: The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8098 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8099 CVE STATUS: Patched CVE SUMMARY: The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8099 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8100 CVE STATUS: Patched CVE SUMMARY: The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8100 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8101 CVE STATUS: Patched CVE SUMMARY: The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8101 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8102 CVE STATUS: Patched CVE SUMMARY: The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8102 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2014-8103 CVE STATUS: Patched CVE SUMMARY: X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8103 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2015-0255 CVE STATUS: Patched CVE SUMMARY: X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0255 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2015-3164 CVE STATUS: Patched CVE SUMMARY: The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3164 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2015-3418 CVE STATUS: Patched CVE SUMMARY: The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3418 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-10971 CVE STATUS: Patched CVE SUMMARY: In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10971 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-10972 CVE STATUS: Patched CVE SUMMARY: Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10972 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12176 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12176 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12177 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12177 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12178 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12178 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12179 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12179 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12180 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12180 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12181 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12181 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12182 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12182 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12183 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12183 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12184 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12184 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12185 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12185 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12186 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12186 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-12187 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12187 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-13721 CVE STATUS: Patched CVE SUMMARY: In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13721 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-13723 CVE STATUS: Patched CVE SUMMARY: In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13723 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2017-2624 CVE STATUS: Patched CVE SUMMARY: It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2624 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2018-14665 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 6.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14665 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2019-17624 CVE STATUS: Patched CVE SUMMARY: "" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17624 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2020-14345 CVE STATUS: Patched CVE SUMMARY: A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14345 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2020-14346 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14346 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2020-14347 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14347 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2020-14360 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14360 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2020-14361 CVE STATUS: Patched CVE SUMMARY: A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14361 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2020-14362 CVE STATUS: Patched CVE SUMMARY: A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14362 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2020-25697 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: As per upstream, exploiting this flaw is non-trivial and it requires exact timing on the behalf of the attacker. Many graphical applications exit if their connection to the X server is lost, so a typical desktop session is either impossible or difficult to exploit. There is currently no upstream patch available for this flaw. CVE SUMMARY: A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25697 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2020-25712 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25712 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2021-3472 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3472 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2021-4008 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4008 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2021-4009 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4009 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2021-4010 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4010 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2021-4011 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4011 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-2319 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2319 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-2320 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2320 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-3550 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3550 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-3551 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3551 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-3553 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: This is specific to XQuartz, which is the macOS X server port CVE SUMMARY: A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3553 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-4283 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4283 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-46340 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46340 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-46341 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46341 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-46342 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46342 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-46343 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46343 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2022-46344 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46344 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2023-0494 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0494 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2023-1393 CVE STATUS: Patched CVE SUMMARY: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1393 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2023-5367 CVE STATUS: Patched CVE SUMMARY: A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5367 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2023-5380 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5380 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2023-5574 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: specific to Xvfb CVE SUMMARY: A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5574 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2023-6377 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6377 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2023-6478 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6478 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2023-6816 CVE STATUS: Patched CVE SUMMARY: A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6816 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2024-0229 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0229 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2024-0408 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0408 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2024-0409 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0409 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2025-26594 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-26594 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2025-26595 CVE STATUS: Patched CVE SUMMARY: A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-26595 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2025-26596 CVE STATUS: Patched CVE SUMMARY: A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-26596 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2025-26597 CVE STATUS: Patched CVE SUMMARY: A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-26597 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2025-26598 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-26598 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2025-26599 CVE STATUS: Patched CVE SUMMARY: An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-26599 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2025-26600 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-26600 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.16 CVE: CVE-2025-26601 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-26601 LAYER: meta PACKAGE NAME: procps PACKAGE VERSION: 4.0.4 CVE: CVE-2018-1121 CVE STATUS: Patched CVE SUMMARY: procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1121 LAYER: meta PACKAGE NAME: procps PACKAGE VERSION: 4.0.4 CVE: CVE-2023-4016 CVE STATUS: Patched CVE SUMMARY: Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 2.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4016 LAYER: meta PACKAGE NAME: xkeyboard-config PACKAGE VERSION: 2.41 CVE: CVE-2012-0064 CVE STATUS: Patched CVE SUMMARY: xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0064 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2002-0759 CVE STATUS: Patched CVE SUMMARY: bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0759 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2002-0760 CVE STATUS: Patched CVE SUMMARY: Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0760 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2002-0761 CVE STATUS: Patched CVE SUMMARY: bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0761 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2005-0953 CVE STATUS: Patched CVE SUMMARY: Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0953 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2005-1260 CVE STATUS: Patched CVE SUMMARY: bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1260 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2008-1372 CVE STATUS: Patched CVE SUMMARY: bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1372 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2010-0405 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0405 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2011-4089 CVE STATUS: Patched CVE SUMMARY: The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4089 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2016-3189 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3189 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2019-12900 CVE STATUS: Patched CVE SUMMARY: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12900 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2023-22895 CVE STATUS: Patched CVE SUMMARY: The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-22895 LAYER: meta PACKAGE NAME: gettext PACKAGE VERSION: 0.22.5 CVE: CVE-2004-0966 CVE STATUS: Patched CVE SUMMARY: The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0966 LAYER: meta PACKAGE NAME: gettext PACKAGE VERSION: 0.22.5 CVE: CVE-2018-18751 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18751 LAYER: meta PACKAGE NAME: gawk PACKAGE VERSION: 5.3.0 CVE: CVE-2023-4156 CVE STATUS: Patched CVE SUMMARY: A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4156 LAYER: meta PACKAGE NAME: libxkbcommon PACKAGE VERSION: 1.6.0 CVE: CVE-2018-15853 CVE STATUS: Patched CVE SUMMARY: Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15853 LAYER: meta PACKAGE NAME: libxkbcommon PACKAGE VERSION: 1.6.0 CVE: CVE-2018-15857 CVE STATUS: Patched CVE SUMMARY: An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15857 LAYER: meta PACKAGE NAME: libxkbcommon PACKAGE VERSION: 1.6.0 CVE: CVE-2018-15858 CVE STATUS: Patched CVE SUMMARY: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15858 LAYER: meta PACKAGE NAME: libxkbcommon PACKAGE VERSION: 1.6.0 CVE: CVE-2018-15859 CVE STATUS: Patched CVE SUMMARY: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15859 LAYER: meta PACKAGE NAME: libxkbcommon PACKAGE VERSION: 1.6.0 CVE: CVE-2018-15861 CVE STATUS: Patched CVE SUMMARY: Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15861 LAYER: meta PACKAGE NAME: libxkbcommon PACKAGE VERSION: 1.6.0 CVE: CVE-2018-15862 CVE STATUS: Patched CVE SUMMARY: Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15862 LAYER: meta PACKAGE NAME: libxkbcommon PACKAGE VERSION: 1.6.0 CVE: CVE-2018-15863 CVE STATUS: Patched CVE SUMMARY: Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15863 LAYER: meta PACKAGE NAME: libxkbcommon PACKAGE VERSION: 1.6.0 CVE: CVE-2018-15864 CVE STATUS: Patched CVE SUMMARY: Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15864 LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2015-8659 CVE STATUS: Patched CVE SUMMARY: The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 10.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8659 LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2016-1544 CVE STATUS: Patched CVE SUMMARY: nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1544 LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2018-1000168 CVE STATUS: Patched CVE SUMMARY: nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000168 LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2020-11080 CVE STATUS: Patched CVE SUMMARY: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11080 LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2023-35945 CVE STATUS: Patched CVE SUMMARY: Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-35945 LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2023-44487 CVE STATUS: Patched CVE SUMMARY: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-44487 LAYER: meta-tpm PACKAGE NAME: trousers PACKAGE VERSION: 0.3.15+git CVE: CVE-2012-0698 CVE STATUS: Patched CVE SUMMARY: tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0698 LAYER: meta-tpm PACKAGE NAME: trousers PACKAGE VERSION: 0.3.15+git CVE: CVE-2019-18898 CVE STATUS: Patched CVE SUMMARY: UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18898 LAYER: meta-tpm PACKAGE NAME: trousers PACKAGE VERSION: 0.3.15+git CVE: CVE-2020-24330 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24330 LAYER: meta-tpm PACKAGE NAME: trousers PACKAGE VERSION: 0.3.15+git CVE: CVE-2020-24331 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24331 LAYER: meta-tpm PACKAGE NAME: trousers PACKAGE VERSION: 0.3.15+git CVE: CVE-2020-24332 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24332 LAYER: meta PACKAGE NAME: ed PACKAGE VERSION: 1.20.2 CVE: CVE-2000-1137 CVE STATUS: Patched CVE SUMMARY: GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1137 LAYER: meta PACKAGE NAME: ed PACKAGE VERSION: 1.20.2 CVE: CVE-2006-6939 CVE STATUS: Patched CVE SUMMARY: GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6939 LAYER: meta PACKAGE NAME: ed PACKAGE VERSION: 1.20.2 CVE: CVE-2008-3916 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3916 LAYER: meta PACKAGE NAME: ed PACKAGE VERSION: 1.20.2 CVE: CVE-2017-5357 CVE STATUS: Patched CVE SUMMARY: regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5357 LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2016-10164 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10164 LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2022-44617 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44617 LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2022-46285 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46285 LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2022-4883 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4883 LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2023-43788 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43788 LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2023-43789 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43789 LAYER: meta-oe PACKAGE NAME: yajl PACKAGE VERSION: 2.1.0 CVE: CVE-2017-16516 CVE STATUS: Patched CVE SUMMARY: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16516 LAYER: meta-oe PACKAGE NAME: yajl PACKAGE VERSION: 2.1.0 CVE: CVE-2022-24795 CVE STATUS: Patched CVE SUMMARY: yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24795 LAYER: meta-oe PACKAGE NAME: yajl PACKAGE VERSION: 2.1.0 CVE: CVE-2023-33460 CVE STATUS: Patched CVE SUMMARY: There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33460 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-1999-0958 CVE STATUS: Patched CVE SUMMARY: sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0958 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-1999-1496 CVE STATUS: Patched CVE SUMMARY: Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1496 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2002-0043 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0043 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2002-0184 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0184 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2004-1051 CVE STATUS: Patched CVE SUMMARY: sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1051 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2004-1689 CVE STATUS: Patched CVE SUMMARY: sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1689 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-1119 CVE STATUS: Patched CVE SUMMARY: Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1119 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-1831 CVE STATUS: Patched CVE SUMMARY: Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1831 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-1993 CVE STATUS: Patched CVE SUMMARY: Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1993 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-2959 CVE STATUS: Patched CVE SUMMARY: Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2959 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-4158 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4158 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-4890 CVE STATUS: Patched CVE SUMMARY: There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4890 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2006-0151 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0151 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2007-3149 CVE STATUS: Patched CVE SUMMARY: sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3149 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2007-4305 CVE STATUS: Patched CVE SUMMARY: Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4305 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2009-0034 CVE STATUS: Patched CVE SUMMARY: parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0034 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2010-0426 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0426 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2010-0427 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0427 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2010-1163 CVE STATUS: Patched CVE SUMMARY: The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1163 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2010-1646 CVE STATUS: Patched CVE SUMMARY: The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1646 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2010-2956 CVE STATUS: Patched CVE SUMMARY: Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2956 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2011-0008 CVE STATUS: Patched CVE SUMMARY: A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0008 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2011-0010 CVE STATUS: Patched CVE SUMMARY: check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0010 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2012-0809 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0809 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2012-2337 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2337 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2012-3440 CVE STATUS: Patched CVE SUMMARY: A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. CVSS v2 BASE SCORE: 5.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3440 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2013-1775 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1775 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2013-1776 CVE STATUS: Patched CVE SUMMARY: sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1776 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2013-2776 CVE STATUS: Patched CVE SUMMARY: sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2776 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2013-2777 CVE STATUS: Patched CVE SUMMARY: sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2777 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2014-0106 CVE STATUS: Patched CVE SUMMARY: Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. CVSS v2 BASE SCORE: 6.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0106 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2014-9680 CVE STATUS: Patched CVE SUMMARY: sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9680 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2015-5602 CVE STATUS: Patched CVE SUMMARY: sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5602 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2015-8239 CVE STATUS: Patched CVE SUMMARY: The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8239 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2016-7032 CVE STATUS: Patched CVE SUMMARY: sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7032 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2016-7076 CVE STATUS: Patched CVE SUMMARY: sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 6.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7076 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2017-1000367 CVE STATUS: Patched CVE SUMMARY: Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 6.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000367 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2017-1000368 CVE STATUS: Patched CVE SUMMARY: Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000368 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2019-14287 CVE STATUS: Patched CVE SUMMARY: In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14287 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2019-18634 CVE STATUS: Patched CVE SUMMARY: In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18634 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2019-18684 CVE STATUS: Patched CVE SUMMARY: Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18684 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2019-19232 CVE STATUS: Patched CVE SUMMARY: In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19232 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2019-19234 CVE STATUS: Patched CVE SUMMARY: In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19234 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2021-23239 CVE STATUS: Patched CVE SUMMARY: The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 2.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23239 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2021-23240 CVE STATUS: Patched CVE SUMMARY: selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23240 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2021-3156 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3156 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2022-43995 CVE STATUS: Patched CVE SUMMARY: Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43995 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-22809 CVE STATUS: Patched CVE SUMMARY: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-22809 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-27320 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.13p2 has a double free in the per-command chroot feature. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.2 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27320 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-28486 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.13 does not escape control characters in log messages. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28486 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-28487 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.13 does not escape control characters in sudoreplay output. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28487 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-42456 CVE STATUS: Patched CVE SUMMARY: Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system. An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames. The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values. The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-42456 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-42465 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-42465 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-7090 CVE STATUS: Patched CVE SUMMARY: A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-7090 LAYER: meta PACKAGE NAME: libxv PACKAGE VERSION: 1.0.12 CVE: CVE-2013-1989 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1989 LAYER: meta PACKAGE NAME: libxv PACKAGE VERSION: 1.0.12 CVE: CVE-2013-2066 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2066 LAYER: meta PACKAGE NAME: libxv PACKAGE VERSION: 1.0.12 CVE: CVE-2016-5407 CVE STATUS: Patched CVE SUMMARY: The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5407 LAYER: meta-oe PACKAGE NAME: tmux PACKAGE VERSION: 3.3a CVE: CVE-2011-1496 CVE STATUS: Patched CVE SUMMARY: tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1496 LAYER: meta-oe PACKAGE NAME: tmux PACKAGE VERSION: 3.3a CVE: CVE-2020-27347 CVE STATUS: Patched CVE SUMMARY: In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27347 LAYER: meta PACKAGE NAME: iputils PACKAGE VERSION: 20240117 CVE: CVE-2000-1213 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed in 2000-10-10, but the versioning of iputils breaks the version order. CVE SUMMARY: ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1213 LAYER: meta PACKAGE NAME: iputils PACKAGE VERSION: 20240117 CVE: CVE-2000-1214 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed in 2000-10-10, but the versioning of iputils breaks the version order. CVE SUMMARY: Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1214 LAYER: meta PACKAGE NAME: iputils PACKAGE VERSION: 20240117 CVE: CVE-2010-2529 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2529 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2004-0401 CVE STATUS: Patched CVE SUMMARY: Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, related to the DER parsing functions. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0401 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2006-0645 CVE STATUS: Patched CVE SUMMARY: Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0645 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2012-1569 CVE STATUS: Patched CVE SUMMARY: The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1569 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2014-3467 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3467 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2014-3468 CVE STATUS: Patched CVE SUMMARY: The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3468 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2014-3469 CVE STATUS: Patched CVE SUMMARY: The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3469 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2015-2806 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2806 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2015-3622 CVE STATUS: Patched CVE SUMMARY: The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3622 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2016-4008 CVE STATUS: Patched CVE SUMMARY: The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4008 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2017-10790 CVE STATUS: Patched CVE SUMMARY: The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10790 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2017-6891 CVE STATUS: Patched CVE SUMMARY: Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6891 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2018-1000654 CVE STATUS: Patched CVE SUMMARY: GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2018-6003 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6003 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.20.0 CVE: CVE-2021-46848 CVE STATUS: Patched CVE SUMMARY: GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46848 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0691 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0692 CVE STATUS: Patched CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0693 CVE STATUS: Patched CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2005-0627 CVE STATUS: Patched CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2006-4811 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-0242 CVE STATUS: Patched CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-3388 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-4137 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2009-2700 CVE STATUS: Patched CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-1766 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-2621 CVE STATUS: Patched CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-5076 CVE STATUS: Patched CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3194 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-5624 CVE STATUS: Patched CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-6093 CVE STATUS: Patched CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-0254 CVE STATUS: Patched CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-4549 CVE STATUS: Patched CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2014-0190 CVE STATUS: Patched CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-0295 CVE STATUS: Patched CVE SUMMARY: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1290 CVE STATUS: Patched CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1858 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1859 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1860 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-7298 CVE STATUS: Patched CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-9541 CVE STATUS: Patched CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10904 CVE STATUS: Patched CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10905 CVE STATUS: Patched CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-15011 CVE STATUS: Patched CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-15518 CVE STATUS: Patched CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19865 CVE STATUS: Patched CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19869 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19870 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19871 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19872 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19873 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-21035 CVE STATUS: Patched CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0569 CVE STATUS: Patched CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0570 CVE STATUS: Patched CVE SUMMARY: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-12267 CVE STATUS: Patched CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-13962 CVE STATUS: Patched CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-17507 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-24742 CVE STATUS: Patched CVE SUMMARY: An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-28025 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-3481 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-38593 CVE STATUS: Patched CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25255 CVE STATUS: Patched CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25634 CVE STATUS: Patched CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-40983 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-43591 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-24607 CVE STATUS: Patched CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-33285 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936 LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2025-30348 CVE STATUS: Unpatched CVE SUMMARY: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-30348 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2005-0470 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0470 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2007-6025 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6025 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2014-3686 CVE STATUS: Patched CVE SUMMARY: wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3686 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-0210 CVE STATUS: Patched CVE SUMMARY: wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0210 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-1863 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1863 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-4141 CVE STATUS: Patched CVE SUMMARY: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4141 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-4142 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4142 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-4143 CVE STATUS: Patched CVE SUMMARY: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4143 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-4144 CVE STATUS: Patched CVE SUMMARY: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4144 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-4145 CVE STATUS: Patched CVE SUMMARY: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4145 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-4146 CVE STATUS: Patched CVE SUMMARY: The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4146 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-5314 CVE STATUS: Patched CVE SUMMARY: The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5314 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-5315 CVE STATUS: Patched CVE SUMMARY: The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5315 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-5316 CVE STATUS: Patched CVE SUMMARY: The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5316 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-8041 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8041 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2016-4476 CVE STATUS: Patched CVE SUMMARY: hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4476 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13077 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13077 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13078 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13078 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13079 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13079 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13080 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13080 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13081 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13081 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13082 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13082 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13084 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13084 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13086 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13086 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13087 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13087 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13088 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13088 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2018-14526 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14526 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-11555 CVE STATUS: Patched CVE SUMMARY: The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11555 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-16275 CVE STATUS: Patched CVE SUMMARY: hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16275 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9494 CVE STATUS: Patched CVE SUMMARY: The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9494 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9495 CVE STATUS: Patched CVE SUMMARY: The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9495 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9496 CVE STATUS: Patched CVE SUMMARY: An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9496 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9497 CVE STATUS: Patched CVE SUMMARY: The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9497 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9498 CVE STATUS: Patched CVE SUMMARY: The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9498 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9499 CVE STATUS: Patched CVE SUMMARY: The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9499 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2021-27803 CVE STATUS: Patched CVE SUMMARY: A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27803 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2021-30004 CVE STATUS: Patched CVE SUMMARY: In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30004 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2022-23303 CVE STATUS: Patched CVE SUMMARY: The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23303 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2022-23304 CVE STATUS: Patched CVE SUMMARY: The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23304 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2023-52160 CVE STATUS: Patched CVE SUMMARY: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-52160 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2024-3596 CVE STATUS: Patched CVE SUMMARY: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-3596 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2024-5290 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: this only affects Ubuntu and other platforms patching wpa-supplicant CVE SUMMARY: An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-5290 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.4.6 CVE: CVE-2015-4035 CVE STATUS: Patched CVE SUMMARY: scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4035 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.4.6 CVE: CVE-2020-22916 CVE STATUS: Patched CVE SUMMARY: An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22916 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.4.6 CVE: CVE-2021-29482 CVE STATUS: Patched CVE SUMMARY: xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library had recently the same issue and got the CVE-2020-16845 allocated. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29482 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.4.6 CVE: CVE-2022-1271 CVE STATUS: Patched CVE SUMMARY: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1271 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.4.6 CVE: CVE-2024-3094 CVE STATUS: Patched CVE SUMMARY: Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 10.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-3094 LAYER: meta-oe PACKAGE NAME: zeromq PACKAGE VERSION: 4.3.5 CVE: CVE-2014-7202 CVE STATUS: Patched CVE SUMMARY: stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7202 LAYER: meta-oe PACKAGE NAME: zeromq PACKAGE VERSION: 4.3.5 CVE: CVE-2014-7203 CVE STATUS: Patched CVE SUMMARY: libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7203 LAYER: meta-oe PACKAGE NAME: zeromq PACKAGE VERSION: 4.3.5 CVE: CVE-2014-9721 CVE STATUS: Patched CVE SUMMARY: libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9721 LAYER: meta-oe PACKAGE NAME: zeromq PACKAGE VERSION: 4.3.5 CVE: CVE-2021-20236 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20236 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2012-2806 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2806 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2013-6629 CVE STATUS: Patched CVE SUMMARY: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6629 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2014-9092 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9092 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2016-3616 CVE STATUS: Patched CVE SUMMARY: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3616 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2017-15232 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15232 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2017-9614 CVE STATUS: Patched CVE SUMMARY: The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9614 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-1152 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1152 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-14498 CVE STATUS: Patched CVE SUMMARY: get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14498 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-19664 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19664 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-20330 CVE STATUS: Patched CVE SUMMARY: The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20330 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2019-13960 CVE STATUS: Patched CVE SUMMARY: In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13960 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2020-13790 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13790 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2020-17541 CVE STATUS: Patched CVE SUMMARY: Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17541 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2020-35538 CVE STATUS: Patched CVE SUMMARY: A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35538 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2021-20205 CVE STATUS: Patched CVE SUMMARY: Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20205 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2021-29390 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29390 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2021-46822 CVE STATUS: Patched CVE SUMMARY: The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46822 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2023-2804 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2804 LAYER: meta PACKAGE NAME: libxi PACKAGE VERSION: 1_1.8.1 CVE: CVE-2013-1984 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1984 LAYER: meta PACKAGE NAME: libxi PACKAGE VERSION: 1_1.8.1 CVE: CVE-2013-1995 CVE STATUS: Patched CVE SUMMARY: X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1995 LAYER: meta PACKAGE NAME: libxi PACKAGE VERSION: 1_1.8.1 CVE: CVE-2013-1998 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1998 LAYER: meta PACKAGE NAME: libxi PACKAGE VERSION: 1_1.8.1 CVE: CVE-2016-7945 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7945 LAYER: meta PACKAGE NAME: libxi PACKAGE VERSION: 1_1.8.1 CVE: CVE-2016-7946 CVE STATUS: Patched CVE SUMMARY: X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7946 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2001-1268 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1268 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2001-1269 CVE STATUS: Patched CVE SUMMARY: Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1269 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2003-0282 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0282 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2005-0602 CVE STATUS: Patched CVE SUMMARY: Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0602 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2005-2475 CVE STATUS: Patched CVE SUMMARY: Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2475 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2005-4667 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4667 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2008-0888 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source CVE SUMMARY: The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0888 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2014-8139 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8139 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2014-8140 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8140 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2014-8141 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8141 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2014-9636 CVE STATUS: Patched CVE SUMMARY: unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9636 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2014-9913 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9913 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2015-1315 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1315 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2015-7696 CVE STATUS: Patched CVE SUMMARY: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7696 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2015-7697 CVE STATUS: Patched CVE SUMMARY: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7697 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2016-9844 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9844 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-1000031 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000031 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-1000032 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000032 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-1000033 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000033 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-1000034 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000034 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-1000035 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000035 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-18384 CVE STATUS: Patched CVE SUMMARY: Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18384 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2019-13232 CVE STATUS: Patched CVE SUMMARY: Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13232 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2020-36561 CVE STATUS: Patched CVE SUMMARY: Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36561 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2021-4217 CVE STATUS: Patched CVE SUMMARY: A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4217 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2022-0529 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0529 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2022-0530 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0530 LAYER: meta PACKAGE NAME: groff PACKAGE VERSION: 1.23.0 CVE: CVE-2000-0803 CVE STATUS: Patched CVE SUMMARY: GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0803 LAYER: meta PACKAGE NAME: groff PACKAGE VERSION: 1.23.0 CVE: CVE-2001-1022 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1022 LAYER: meta PACKAGE NAME: groff PACKAGE VERSION: 1.23.0 CVE: CVE-2002-0003 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0003 LAYER: meta PACKAGE NAME: groff PACKAGE VERSION: 1.23.0 CVE: CVE-2004-0969 CVE STATUS: Patched CVE SUMMARY: The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0969 LAYER: meta PACKAGE NAME: groff PACKAGE VERSION: 1.23.0 CVE: CVE-2009-5044 CVE STATUS: Patched CVE SUMMARY: contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5044 LAYER: meta PACKAGE NAME: groff PACKAGE VERSION: 1.23.0 CVE: CVE-2009-5078 CVE STATUS: Patched CVE SUMMARY: contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5078 LAYER: meta PACKAGE NAME: groff PACKAGE VERSION: 1.23.0 CVE: CVE-2009-5079 CVE STATUS: Patched CVE SUMMARY: The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5079 LAYER: meta PACKAGE NAME: groff PACKAGE VERSION: 1.23.0 CVE: CVE-2009-5080 CVE STATUS: Patched CVE SUMMARY: The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5080 LAYER: meta PACKAGE NAME: groff PACKAGE VERSION: 1.23.0 CVE: CVE-2009-5081 CVE STATUS: Patched CVE SUMMARY: The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5081 LAYER: meta PACKAGE NAME: groff PACKAGE VERSION: 1.23.0 CVE: CVE-2009-5082 CVE STATUS: Patched CVE SUMMARY: The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5082 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2009-0586 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0586 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2015-0797 CVE STATUS: Patched CVE SUMMARY: GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0797 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-10198 CVE STATUS: Patched CVE SUMMARY: The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10198 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-10199 CVE STATUS: Patched CVE SUMMARY: The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10199 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9445 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9445 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9446 CVE STATUS: Patched CVE SUMMARY: The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9446 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9447 CVE STATUS: Patched CVE SUMMARY: The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9447 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9634 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9634 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9635 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9635 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9636 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9636 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9807 CVE STATUS: Patched CVE SUMMARY: The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9807 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9808 CVE STATUS: Patched CVE SUMMARY: The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9808 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9809 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9809 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9810 CVE STATUS: Patched CVE SUMMARY: The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9810 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9811 CVE STATUS: Patched CVE SUMMARY: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9811 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9812 CVE STATUS: Patched CVE SUMMARY: The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9812 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2016-9813 CVE STATUS: Patched CVE SUMMARY: The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9813 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5837 CVE STATUS: Patched CVE SUMMARY: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5837 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5838 CVE STATUS: Patched CVE SUMMARY: The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5838 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5839 CVE STATUS: Patched CVE SUMMARY: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5839 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5840 CVE STATUS: Patched CVE SUMMARY: The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5840 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5841 CVE STATUS: Patched CVE SUMMARY: The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5841 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5842 CVE STATUS: Patched CVE SUMMARY: The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5842 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5843 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5843 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5844 CVE STATUS: Patched CVE SUMMARY: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5844 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5845 CVE STATUS: Patched CVE SUMMARY: The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5845 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5846 CVE STATUS: Patched CVE SUMMARY: The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5846 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5847 CVE STATUS: Patched CVE SUMMARY: The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5847 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2017-5848 CVE STATUS: Patched CVE SUMMARY: The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5848 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2019-9928 CVE STATUS: Patched CVE SUMMARY: GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9928 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2021-3497 CVE STATUS: Patched CVE SUMMARY: GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3497 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2021-3498 CVE STATUS: Patched CVE SUMMARY: GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3498 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2021-3522 CVE STATUS: Patched CVE SUMMARY: GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3522 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2022-1920 CVE STATUS: Patched CVE SUMMARY: Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1920 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2022-1921 CVE STATUS: Patched CVE SUMMARY: Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1921 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2022-1922 CVE STATUS: Patched CVE SUMMARY: DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1922 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2022-1923 CVE STATUS: Patched CVE SUMMARY: DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1923 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2022-1924 CVE STATUS: Patched CVE SUMMARY: DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1924 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2022-1925 CVE STATUS: Patched CVE SUMMARY: DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1925 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2022-2122 CVE STATUS: Patched CVE SUMMARY: DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2122 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-37327 CVE STATUS: Patched CVE SUMMARY: GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37327 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-37328 CVE STATUS: Patched CVE SUMMARY: GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20994. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37328 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-37329 CVE STATUS: Patched CVE SUMMARY: GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37329 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-38103 CVE STATUS: Patched CVE SUMMARY: GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21443. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38103 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-38104 CVE STATUS: Patched CVE SUMMARY: GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21444. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38104 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-40474 CVE STATUS: Patched CVE SUMMARY: GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21660. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40474 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-40475 CVE STATUS: Patched CVE SUMMARY: GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21661. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40475 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-40476 CVE STATUS: Patched CVE SUMMARY: GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21768. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40476 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-44429 CVE STATUS: Patched CVE SUMMARY: GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22226. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-44429 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-44446 CVE STATUS: Patched CVE SUMMARY: GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-44446 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-50186 CVE STATUS: Patched CVE SUMMARY: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22300. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50186 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-0444 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched in gstreamer1.0-plugins-bad in 1.22 branch since 1.22.9 CVE SUMMARY: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0444 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-4453 CVE STATUS: Patched CVE SUMMARY: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-4453 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47537 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47537 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47538 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47538 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47539 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47539 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47540 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47540 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47541 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47541 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47542 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47542 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47543 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47543 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47544 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47544 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47545 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47545 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47546 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47546 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47596 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47596 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47597 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47597 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47598 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47598 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47599 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47599 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47600 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47600 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47601 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47601 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47602 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47602 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47603 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47603 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47606 CVE STATUS: Unpatched CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47606 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47607 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47607 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47613 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47613 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47615 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47615 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47774 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47774 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47775 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47775 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47776 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47776 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47777 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47777 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47778 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47778 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47834 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47834 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47835 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47835 LAYER: meta PACKAGE NAME: libsamplerate0 PACKAGE VERSION: 0.2.2 CVE: CVE-2017-7697 CVE STATUS: Patched CVE SUMMARY: In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7697 LAYER: meta PACKAGE NAME: python3-setuptools PACKAGE VERSION: 69.1.1 CVE: CVE-2013-1633 CVE STATUS: Patched CVE SUMMARY: easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1633 LAYER: meta PACKAGE NAME: python3-setuptools PACKAGE VERSION: 69.1.1 CVE: CVE-2022-40897 CVE STATUS: Patched CVE SUMMARY: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40897 LAYER: meta PACKAGE NAME: python3-setuptools PACKAGE VERSION: 69.1.1 CVE: CVE-2024-6345 CVE STATUS: Patched CVE SUMMARY: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-6345 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2017-7650 CVE STATUS: Patched CVE SUMMARY: In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7650 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2017-7651 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7651 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2017-7652 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7652 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2017-7653 CVE STATUS: Patched CVE SUMMARY: The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7653 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2017-7654 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7654 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2017-7655 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7655 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2017-9868 CVE STATUS: Patched CVE SUMMARY: In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9868 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2018-12543 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12543 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2018-12546 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12546 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2018-12550 CVE STATUS: Patched CVE SUMMARY: When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12550 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2018-12551 CVE STATUS: Patched CVE SUMMARY: When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12551 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2018-20145 CVE STATUS: Patched CVE SUMMARY: Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20145 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2019-11778 CVE STATUS: Patched CVE SUMMARY: If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations. CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 5.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11778 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2019-11779 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11779 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2021-28166 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28166 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2021-34431 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-34431 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2021-34432 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-34432 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2021-34434 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-34434 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2021-41039 CVE STATUS: Patched CVE SUMMARY: In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41039 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2023-0809 CVE STATUS: Patched CVE SUMMARY: In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0809 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2023-28366 CVE STATUS: Patched CVE SUMMARY: The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28366 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2023-3592 CVE STATUS: Patched CVE SUMMARY: In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3592 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2023-5632 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6 CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5632 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2024-10525 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 7.2 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-10525 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2024-3935 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 6.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-3935 LAYER: meta-networking PACKAGE NAME: mosquitto PACKAGE VERSION: 2.0.20 CVE: CVE-2024-8376 CVE STATUS: Patched CVE SUMMARY: In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 7.2 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-8376 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2004-2531 CVE STATUS: Patched CVE SUMMARY: X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2531 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2005-1431 CVE STATUS: Patched CVE SUMMARY: The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1431 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2006-4790 CVE STATUS: Patched CVE SUMMARY: verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4790 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2006-7239 CVE STATUS: Patched CVE SUMMARY: The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7239 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-1948 CVE STATUS: Patched CVE SUMMARY: The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1948 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-1949 CVE STATUS: Patched CVE SUMMARY: The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1949 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-1950 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1950 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-2377 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2377 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-4989 CVE STATUS: Patched CVE SUMMARY: The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4989 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-1415 CVE STATUS: Patched CVE SUMMARY: lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1415 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-1416 CVE STATUS: Patched CVE SUMMARY: lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1416 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-1417 CVE STATUS: Patched CVE SUMMARY: gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1417 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-2409 CVE STATUS: Patched CVE SUMMARY: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2409 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-2730 CVE STATUS: Patched CVE SUMMARY: libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2730 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-3555 CVE STATUS: Patched CVE SUMMARY: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3555 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-5138 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5138 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2010-0731 CVE STATUS: Patched CVE SUMMARY: The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0731 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2011-4128 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4128 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-0390 CVE STATUS: Patched CVE SUMMARY: The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0390 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-1569 CVE STATUS: Patched CVE SUMMARY: The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1569 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-1573 CVE STATUS: Patched CVE SUMMARY: gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1573 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-1663 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1663 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-1619 CVE STATUS: Patched CVE SUMMARY: The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1619 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-2116 CVE STATUS: Patched CVE SUMMARY: The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2116 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-4466 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4466 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-4487 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4487 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-0092 CVE STATUS: Patched CVE SUMMARY: lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0092 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-1959 CVE STATUS: Patched CVE SUMMARY: lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1959 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3465 CVE STATUS: Patched CVE SUMMARY: The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3465 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3466 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3466 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3467 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3467 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3468 CVE STATUS: Patched CVE SUMMARY: The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3468 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3469 CVE STATUS: Patched CVE SUMMARY: The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3469 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-8155 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8155 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-8564 CVE STATUS: Patched CVE SUMMARY: The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8564 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-0282 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0282 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-0294 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0294 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-3308 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3308 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-6251 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6251 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-8313 CVE STATUS: Patched CVE SUMMARY: GnuTLS incorrectly validates the first byte of padding in CBC modes CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8313 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2016-4456 CVE STATUS: Patched CVE SUMMARY: The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4456 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2016-7444 CVE STATUS: Patched CVE SUMMARY: The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7444 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5334 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5334 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5335 CVE STATUS: Patched CVE SUMMARY: The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5335 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5336 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5336 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5337 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5337 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-7507 CVE STATUS: Patched CVE SUMMARY: GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7507 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-7869 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7869 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-10844 CVE STATUS: Patched CVE SUMMARY: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10844 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-10845 CVE STATUS: Patched CVE SUMMARY: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10845 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-10846 CVE STATUS: Patched CVE SUMMARY: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10846 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-16868 CVE STATUS: Patched CVE SUMMARY: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16868 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2019-3829 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3829 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2019-3836 CVE STATUS: Patched CVE SUMMARY: It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3836 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2020-11501 CVE STATUS: Patched CVE SUMMARY: GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11501 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2020-13777 CVE STATUS: Patched CVE SUMMARY: GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13777 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2020-24659 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24659 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2021-20231 CVE STATUS: Patched CVE SUMMARY: A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20231 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2021-20232 CVE STATUS: Patched CVE SUMMARY: A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20232 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2021-4209 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4209 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2022-2509 CVE STATUS: Patched CVE SUMMARY: A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2509 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2023-0361 CVE STATUS: Patched CVE SUMMARY: A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0361 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2023-5981 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5981 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2024-0553 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0553 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2024-0567 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0567 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2024-12243 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-12243 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2006-5876 CVE STATUS: Patched CVE SUMMARY: The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5876 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2009-0585 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0585 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2011-2524 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2524 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2012-2132 CVE STATUS: Patched CVE SUMMARY: libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2132 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2017-2885 CVE STATUS: Patched CVE SUMMARY: An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2885 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2018-11713 CVE STATUS: Patched CVE SUMMARY: WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11713 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2018-12910 CVE STATUS: Patched CVE SUMMARY: The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12910 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2019-17266 CVE STATUS: Patched CVE SUMMARY: libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17266 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2006-5397 CVE STATUS: Patched CVE SUMMARY: The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5397 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2007-1667 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1667 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2013-1981 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1981 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2013-1997 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1997 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2013-2004 CVE STATUS: Patched CVE SUMMARY: The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2004 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2013-7439 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7439 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2016-7942 CVE STATUS: Patched CVE SUMMARY: The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7942 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2016-7943 CVE STATUS: Patched CVE SUMMARY: The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7943 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2018-14598 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14598 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2018-14599 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14599 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2018-14600 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14600 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2020-14344 CVE STATUS: Patched CVE SUMMARY: An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14344 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2020-14363 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14363 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2021-31535 CVE STATUS: Patched CVE SUMMARY: LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31535 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2023-3138 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3138 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2023-43785 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43785 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2023-43786 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43786 LAYER: meta PACKAGE NAME: libx11 PACKAGE VERSION: 1_1.8.9 CVE: CVE-2023-43787 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43787 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2009-1194 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1194 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2010-0421 CVE STATUS: Patched CVE SUMMARY: Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0421 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2011-0020 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0020 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2011-0064 CVE STATUS: Patched CVE SUMMARY: The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0064 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2018-15120 CVE STATUS: Patched CVE SUMMARY: libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15120 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2019-1010238 CVE STATUS: Patched CVE SUMMARY: Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010238 LAYER: meta-oe PACKAGE NAME: linuxptp PACKAGE VERSION: 4.1 CVE: CVE-2021-3570 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. CVSS v2 BASE SCORE: 8.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3570 LAYER: meta-oe PACKAGE NAME: linuxptp PACKAGE VERSION: 4.1 CVE: CVE-2021-3571 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3571 LAYER: meta-oe PACKAGE NAME: linuxptp PACKAGE VERSION: 4.1 CVE: CVE-2024-42861 CVE STATUS: Unpatched CVE SUMMARY: An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-42861 LAYER: meta PACKAGE NAME: sysstat PACKAGE VERSION: 12.7.5 CVE: CVE-2004-0107 CVE STATUS: Patched CVE SUMMARY: The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0107 LAYER: meta PACKAGE NAME: sysstat PACKAGE VERSION: 12.7.5 CVE: CVE-2004-0108 CVE STATUS: Patched CVE SUMMARY: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0108 LAYER: meta PACKAGE NAME: sysstat PACKAGE VERSION: 12.7.5 CVE: CVE-2007-3852 CVE STATUS: Patched CVE SUMMARY: The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3852 LAYER: meta PACKAGE NAME: sysstat PACKAGE VERSION: 12.7.5 CVE: CVE-2018-19416 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19416 LAYER: meta PACKAGE NAME: sysstat PACKAGE VERSION: 12.7.5 CVE: CVE-2018-19517 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19517 LAYER: meta PACKAGE NAME: sysstat PACKAGE VERSION: 12.7.5 CVE: CVE-2019-16167 CVE STATUS: Patched CVE SUMMARY: sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16167 LAYER: meta PACKAGE NAME: sysstat PACKAGE VERSION: 12.7.5 CVE: CVE-2019-19725 CVE STATUS: Patched CVE SUMMARY: sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19725 LAYER: meta PACKAGE NAME: sysstat PACKAGE VERSION: 12.7.5 CVE: CVE-2022-39377 CVE STATUS: Patched CVE SUMMARY: sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39377 LAYER: meta PACKAGE NAME: sysstat PACKAGE VERSION: 12.7.5 CVE: CVE-2023-33204 CVE STATUS: Patched CVE SUMMARY: sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33204 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-1999-1439 CVE STATUS: Patched CVE SUMMARY: gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1439 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2000-1219 CVE STATUS: Patched CVE SUMMARY: The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1219 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2002-2439 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-2439 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2006-1902 CVE STATUS: Patched CVE SUMMARY: fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1902 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1367 CVE STATUS: Patched CVE SUMMARY: gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1367 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1685 CVE STATUS: Patched CVE SUMMARY: gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999) CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1685 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2013-4598 CVE STATUS: Patched CVE SUMMARY: The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4598 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2015-5276 CVE STATUS: Patched CVE SUMMARY: The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5276 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2017-11671 CVE STATUS: Patched CVE SUMMARY: Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11671 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2018-12886 CVE STATUS: Patched CVE SUMMARY: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12886 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2019-15847 CVE STATUS: Patched CVE SUMMARY: The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15847 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2021-37322 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Is a binutils 2.26 issue, not gcc CVE SUMMARY: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37322 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2021-3826 CVE STATUS: Patched CVE SUMMARY: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3826 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2021-46195 CVE STATUS: Patched CVE SUMMARY: GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46195 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2022-27943 CVE STATUS: Patched CVE SUMMARY: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27943 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2023-4039 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed via CVE-2023-4039.patch included here. Set the status explictly to deal with all recipes that share the gcc-source CVE SUMMARY: **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4039 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2019-14378 CVE STATUS: Patched CVE SUMMARY: ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14378 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2019-15890 CVE STATUS: Patched CVE SUMMARY: libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15890 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-10756 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10756 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-1983 CVE STATUS: Patched CVE SUMMARY: A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1983 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-29129 CVE STATUS: Patched CVE SUMMARY: ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29129 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-29130 CVE STATUS: Patched CVE SUMMARY: slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29130 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-7039 CVE STATUS: Patched CVE SUMMARY: tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7039 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-7211 CVE STATUS: Patched CVE SUMMARY: tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7211 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-8608 CVE STATUS: Patched CVE SUMMARY: In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8608 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2021-3592 CVE STATUS: Patched CVE SUMMARY: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3592 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2021-3593 CVE STATUS: Patched CVE SUMMARY: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3593 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2021-3594 CVE STATUS: Patched CVE SUMMARY: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3594 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2021-3595 CVE STATUS: Patched CVE SUMMARY: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3595 LAYER: meta PACKAGE NAME: blktrace PACKAGE VERSION: 1.3.0+git CVE: CVE-2018-10689 CVE STATUS: Patched CVE SUMMARY: blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10689 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2004-1484 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1484 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2010-2799 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2799 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2012-0219 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0219 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2013-3571 CVE STATUS: Patched CVE SUMMARY: socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3571 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2014-0019 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0019 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2015-1379 CVE STATUS: Patched CVE SUMMARY: The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1379 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2016-2217 CVE STATUS: Patched CVE SUMMARY: The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2217 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2024-54661 CVE STATUS: Patched CVE SUMMARY: readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-54661 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-1999-0155 CVE STATUS: Patched CVE SUMMARY: The ghostscript command with the -dSAFER option allows remote attackers to execute commands. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0155 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2000-1162 CVE STATUS: Patched CVE SUMMARY: ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1162 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2000-1163 CVE STATUS: Patched CVE SUMMARY: ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1163 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2001-1353 CVE STATUS: Patched CVE SUMMARY: ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1353 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2002-0363 CVE STATUS: Patched CVE SUMMARY: ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0363 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2004-0967 CVE STATUS: Patched CVE SUMMARY: The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0967 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2008-0411 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0411 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2008-6679 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6679 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2009-0196 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0196 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2009-0583 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0583 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2009-0584 CVE STATUS: Patched CVE SUMMARY: icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0584 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2009-0792 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0792 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2009-3743 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3743 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2009-4270 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4270 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2009-4897 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4897 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2010-1628 CVE STATUS: Patched CVE SUMMARY: Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1628 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2010-1869 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1869 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2010-2055 CVE STATUS: Patched CVE SUMMARY: Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2055 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2010-4054 CVE STATUS: Patched CVE SUMMARY: The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4054 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2010-4820 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4820 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2012-4405 CVE STATUS: Patched CVE SUMMARY: Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4405 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2012-4875 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4875 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2013-6629 CVE STATUS: Patched CVE SUMMARY: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6629 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-10217 CVE STATUS: Patched CVE SUMMARY: The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10217 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-10218 CVE STATUS: Patched CVE SUMMARY: The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10218 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-10219 CVE STATUS: Patched CVE SUMMARY: The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10219 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-10220 CVE STATUS: Patched CVE SUMMARY: The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10220 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-10317 CVE STATUS: Patched CVE SUMMARY: The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10317 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-7976 CVE STATUS: Patched CVE SUMMARY: The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7976 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-7977 CVE STATUS: Patched CVE SUMMARY: Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7977 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-7978 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7978 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-7979 CVE STATUS: Patched CVE SUMMARY: Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7979 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-8602 CVE STATUS: Patched CVE SUMMARY: The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8602 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2016-9601 CVE STATUS: Patched CVE SUMMARY: ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9601 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2017-11714 CVE STATUS: Patched CVE SUMMARY: psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11714 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2017-15652 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15652 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2017-5951 CVE STATUS: Patched CVE SUMMARY: The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5951 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2017-7207 CVE STATUS: Patched CVE SUMMARY: The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7207 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2017-7948 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7948 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2017-8291 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8291 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2017-8908 CVE STATUS: Patched CVE SUMMARY: The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8908 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2017-9611 CVE STATUS: Patched CVE SUMMARY: The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9611 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2017-9835 CVE STATUS: Patched CVE SUMMARY: The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9835 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-10194 CVE STATUS: Patched CVE SUMMARY: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10194 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-11645 CVE STATUS: Patched CVE SUMMARY: psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11645 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-15908 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15908 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-15909 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15909 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-15910 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15910 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-15911 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15911 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16509 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16509 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16510 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16510 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16511 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16511 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16513 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16513 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16539 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16539 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16540 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16540 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16541 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16541 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16542 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16542 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16543 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16543 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16585 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193) CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16585 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16802 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16802 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-16863 CVE STATUS: Patched CVE SUMMARY: It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16863 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-17183 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17183 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-17961 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17961 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-18073 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18073 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-18284 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18284 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-19134 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19134 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-19409 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19409 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-19475 CVE STATUS: Patched CVE SUMMARY: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19475 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-19476 CVE STATUS: Patched CVE SUMMARY: psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19476 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-19477 CVE STATUS: Patched CVE SUMMARY: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19477 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2018-19478 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19478 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-10216 CVE STATUS: Patched CVE SUMMARY: In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10216 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-14811 CVE STATUS: Patched CVE SUMMARY: A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14811 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-14812 CVE STATUS: Patched CVE SUMMARY: A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14812 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-14813 CVE STATUS: Patched CVE SUMMARY: A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14813 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-14817 CVE STATUS: Patched CVE SUMMARY: A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14817 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-14869 CVE STATUS: Patched CVE SUMMARY: A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14869 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-25059 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-25059 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-3835 CVE STATUS: Patched CVE SUMMARY: It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3835 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-3838 CVE STATUS: Patched CVE SUMMARY: It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3838 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-3839 CVE STATUS: Patched CVE SUMMARY: It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3839 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2019-6116 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6116 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-14373 CVE STATUS: Patched CVE SUMMARY: A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14373 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-15900 CVE STATUS: Patched CVE SUMMARY: A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15900 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16287 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16287 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16288 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16288 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16289 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16289 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16290 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16290 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16291 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16291 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16292 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16292 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16293 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16293 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16294 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16294 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16295 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16295 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16296 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16296 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16297 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16297 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16298 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16298 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16299 CVE STATUS: Patched CVE SUMMARY: A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16299 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16300 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16300 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16301 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16301 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16302 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16302 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16303 CVE STATUS: Patched CVE SUMMARY: A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16303 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16304 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16304 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16305 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16305 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16306 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16306 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16307 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16307 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16308 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16308 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16309 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16309 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-16310 CVE STATUS: Patched CVE SUMMARY: A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16310 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-17538 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17538 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-21710 CVE STATUS: Patched CVE SUMMARY: A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21710 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-21890 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21890 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-27792 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27792 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2020-36773 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36773 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2021-3781 CVE STATUS: Patched CVE SUMMARY: A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 9.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3781 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2021-45944 CVE STATUS: Patched CVE SUMMARY: Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45944 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2021-45949 CVE STATUS: Patched CVE SUMMARY: Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45949 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2022-2085 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2085 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2023-28879 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28879 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2023-36664 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-36664 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2023-38559 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Issue only appears in versions before 10.02.0 CVE SUMMARY: A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38559 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2023-38560 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: PCL isn't part of the Ghostscript release CVE SUMMARY: An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38560 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2023-4042 CVE STATUS: Patched CVE SUMMARY: A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4042 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2023-43115 CVE STATUS: Patched CVE SUMMARY: In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43115 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2023-46751 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-46751 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-29506 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29506 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-29507 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29507 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-29508 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29508 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-29509 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29509 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-29510 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29510 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-29511 CVE STATUS: Patched CVE SUMMARY: Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29511 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-33869 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33869 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-33870 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33870 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-33871 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33871 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-46951 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-46951 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-46952 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-46952 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-46953 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-46953 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-46954 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-46954 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-46955 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-46955 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2024-46956 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-46956 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27830 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-27830 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27831 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-27831 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27832 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-27832 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27833 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-27833 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27834 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-27834 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27835 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-27835 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27836 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-27836 LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27837 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-27837 LAYER: meta PACKAGE NAME: lz4 PACKAGE VERSION: 1_1.9.4 CVE: CVE-2014-4715 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed in r118, which is larger than the current version. CVE SUMMARY: Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4715 LAYER: meta PACKAGE NAME: lz4 PACKAGE VERSION: 1_1.9.4 CVE: CVE-2019-17543 CVE STATUS: Patched CVE SUMMARY: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk." CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17543 LAYER: meta PACKAGE NAME: lz4 PACKAGE VERSION: 1_1.9.4 CVE: CVE-2021-3520 CVE STATUS: Patched CVE SUMMARY: There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3520 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2003-0577 CVE STATUS: Patched CVE SUMMARY: mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0577 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2003-0865 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0865 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2004-0805 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0805 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2004-0982 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0982 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2004-0991 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0991 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2004-1284 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1284 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2006-1655 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1655 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2006-3355 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3355 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2007-0578 CVE STATUS: Patched CVE SUMMARY: The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0578 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2007-4397 CVE STATUS: Patched CVE SUMMARY: Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4397 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2009-1301 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1301 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2014-9497 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in mpg123 before 1.18.0. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9497 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2017-10683 CVE STATUS: Patched CVE SUMMARY: In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10683 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2017-11126 CVE STATUS: Patched CVE SUMMARY: The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11126 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2017-12797 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12797 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2017-12839 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12839 LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.10 CVE: CVE-2017-9545 CVE STATUS: Patched CVE SUMMARY: The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9545 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2004-2215 CVE STATUS: Patched CVE SUMMARY: RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2215 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2005-0764 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0764 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2006-0126 CVE STATUS: Patched CVE SUMMARY: rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0126 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2008-1142 CVE STATUS: Patched CVE SUMMARY: rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1142 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2014-3121 CVE STATUS: Patched CVE SUMMARY: rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3121 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2021-33477 CVE STATUS: Patched CVE SUMMARY: rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33477 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2022-4170 CVE STATUS: Patched CVE SUMMARY: The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4170 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2004-0557 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0557 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2021-23159 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23159 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2021-23172 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23172 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2021-23210 CVE STATUS: Patched CVE SUMMARY: A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23210 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2021-33844 CVE STATUS: Patched CVE SUMMARY: A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33844 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2021-3643 CVE STATUS: Patched CVE SUMMARY: A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3643 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2022-31650 CVE STATUS: Unpatched CVE SUMMARY: In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-31650 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2022-31651 CVE STATUS: Unpatched CVE SUMMARY: In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-31651 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2023-26590 CVE STATUS: Patched CVE SUMMARY: A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-26590 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2023-32627 CVE STATUS: Patched CVE SUMMARY: A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32627 LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2023-34318 CVE STATUS: Patched CVE SUMMARY: A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34318 LAYER: meta-oe PACKAGE NAME: lcms PACKAGE VERSION: 2.16 CVE: CVE-2008-5316 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5316 LAYER: meta-oe PACKAGE NAME: lcms PACKAGE VERSION: 2.16 CVE: CVE-2008-5317 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5317 LAYER: meta-oe PACKAGE NAME: lcms PACKAGE VERSION: 2.16 CVE: CVE-2013-4160 CVE STATUS: Patched CVE SUMMARY: Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4160 LAYER: meta-oe PACKAGE NAME: lcms PACKAGE VERSION: 2.16 CVE: CVE-2013-4276 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4276 LAYER: meta-oe PACKAGE NAME: lcms PACKAGE VERSION: 2.16 CVE: CVE-2013-7455 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7455 LAYER: meta-oe PACKAGE NAME: lcms PACKAGE VERSION: 2.16 CVE: CVE-2016-10165 CVE STATUS: Patched CVE SUMMARY: The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10165 LAYER: meta-oe PACKAGE NAME: lcms PACKAGE VERSION: 2.16 CVE: CVE-2018-16435 CVE STATUS: Patched CVE SUMMARY: Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16435 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2009-0784 CVE STATUS: Patched CVE SUMMARY: Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0784 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2009-2911 CVE STATUS: Patched CVE SUMMARY: SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2911 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2009-4273 CVE STATUS: Patched CVE SUMMARY: stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4273 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2010-0411 CVE STATUS: Patched CVE SUMMARY: Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0411 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2010-0412 CVE STATUS: Patched CVE SUMMARY: stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0412 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2010-4170 CVE STATUS: Patched CVE SUMMARY: The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4170 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2010-4171 CVE STATUS: Patched CVE SUMMARY: The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4171 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2011-1769 CVE STATUS: Patched CVE SUMMARY: SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1769 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2011-1781 CVE STATUS: Patched CVE SUMMARY: SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing). CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1781 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2011-2502 CVE STATUS: Patched CVE SUMMARY: runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2502 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2011-2503 CVE STATUS: Patched CVE SUMMARY: The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2503 LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2012-0875 CVE STATUS: Patched CVE SUMMARY: SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0875 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2014-0012 CVE STATUS: Patched CVE SUMMARY: FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0012 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2014-1402 CVE STATUS: Patched CVE SUMMARY: The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1402 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2016-10745 CVE STATUS: Patched CVE SUMMARY: In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10745 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2019-10906 CVE STATUS: Patched CVE SUMMARY: In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10906 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2019-8341 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8341 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2020-28493 CVE STATUS: Patched CVE SUMMARY: This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28493 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2024-22195 CVE STATUS: Patched CVE SUMMARY: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-22195 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2007-3641 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3641 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2007-3644 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3644 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2007-3645 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3645 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2010-4666 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4666 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2011-1777 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1777 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2011-1778 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1778 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2011-1779 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1779 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2013-0211 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0211 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-2304 CVE STATUS: Patched CVE SUMMARY: Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2304 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8915 CVE STATUS: Patched CVE SUMMARY: bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8915 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8916 CVE STATUS: Patched CVE SUMMARY: bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8916 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8917 CVE STATUS: Patched CVE SUMMARY: bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8917 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8918 CVE STATUS: Patched CVE SUMMARY: The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8918 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8919 CVE STATUS: Patched CVE SUMMARY: The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8919 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8920 CVE STATUS: Patched CVE SUMMARY: The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8920 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8921 CVE STATUS: Patched CVE SUMMARY: The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8921 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8922 CVE STATUS: Patched CVE SUMMARY: The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8922 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8923 CVE STATUS: Patched CVE SUMMARY: The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8923 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8924 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8924 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8925 CVE STATUS: Patched CVE SUMMARY: The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8925 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8926 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8926 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8927 CVE STATUS: Patched CVE SUMMARY: The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8927 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8928 CVE STATUS: Patched CVE SUMMARY: The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8928 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8929 CVE STATUS: Patched CVE SUMMARY: Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8929 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8930 CVE STATUS: Patched CVE SUMMARY: bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8930 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8931 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8931 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8932 CVE STATUS: Patched CVE SUMMARY: The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8932 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8933 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8933 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8934 CVE STATUS: Patched CVE SUMMARY: The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8934 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-10209 CVE STATUS: Patched CVE SUMMARY: The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10209 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-10349 CVE STATUS: Patched CVE SUMMARY: The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10349 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-10350 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10350 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-1541 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1541 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-4300 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4300 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-4301 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4301 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-4302 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4302 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-4809 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4809 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-5418 CVE STATUS: Patched CVE SUMMARY: The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5418 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-5844 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5844 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-6250 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6250 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-7166 CVE STATUS: Patched CVE SUMMARY: libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7166 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-8687 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8687 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-8688 CVE STATUS: Patched CVE SUMMARY: The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8688 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-8689 CVE STATUS: Patched CVE SUMMARY: The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8689 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2017-14166 CVE STATUS: Patched CVE SUMMARY: libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14166 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2017-14501 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14501 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2017-14502 CVE STATUS: Patched CVE SUMMARY: read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14502 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2017-14503 CVE STATUS: Patched CVE SUMMARY: libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14503 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2017-5601 CVE STATUS: Patched CVE SUMMARY: An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5601 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2018-1000877 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000877 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2018-1000878 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000878 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2018-1000879 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2018-1000880 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2019-1000019 CVE STATUS: Patched CVE SUMMARY: libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1000019 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2019-1000020 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1000020 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2019-11463 CVE STATUS: Patched CVE SUMMARY: A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11463 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2019-18408 CVE STATUS: Patched CVE SUMMARY: archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18408 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2019-19221 CVE STATUS: Patched CVE SUMMARY: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19221 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2020-21674 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21674 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2020-9308 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9308 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2021-23177 CVE STATUS: Patched CVE SUMMARY: An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23177 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2021-31566 CVE STATUS: Patched CVE SUMMARY: An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31566 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2021-36976 CVE STATUS: Patched CVE SUMMARY: libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-36976 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2022-26280 CVE STATUS: Patched CVE SUMMARY: Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26280 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2022-36227 CVE STATUS: Patched CVE SUMMARY: In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-36227 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2023-30571 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: upstream has documented that reported function is not thread-safe CVE SUMMARY: Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.9 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-30571 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2024-20696 CVE STATUS: Patched CVE SUMMARY: Windows libarchive Remote Code Execution Vulnerability CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-20696 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2024-26256 CVE STATUS: Patched CVE SUMMARY: Libarchive Remote Code Execution Vulnerability CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-26256 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2024-37407 CVE STATUS: Patched CVE SUMMARY: Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-37407 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2024-48615 CVE STATUS: Unpatched CVE SUMMARY: Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-48615 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2024-48957 CVE STATUS: Patched CVE SUMMARY: execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-48957 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2024-48958 CVE STATUS: Patched CVE SUMMARY: execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-48958 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2025-1632 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1632 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2025-25724 CVE STATUS: Patched CVE SUMMARY: list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-25724 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2007-3106 CVE STATUS: Patched CVE SUMMARY: lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3106 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2007-4029 CVE STATUS: Patched CVE SUMMARY: libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4029 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2007-4065 CVE STATUS: Patched CVE SUMMARY: lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4065 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2007-4066 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4066 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2008-1419 CVE STATUS: Patched CVE SUMMARY: Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1419 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2008-1420 CVE STATUS: Patched CVE SUMMARY: Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1420 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2008-1423 CVE STATUS: Patched CVE SUMMARY: Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1423 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2008-2009 CVE STATUS: Patched CVE SUMMARY: Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2009 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2017-11333 CVE STATUS: Patched CVE SUMMARY: The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11333 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2017-14160 CVE STATUS: Patched CVE SUMMARY: The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14160 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2017-14632 CVE STATUS: Patched CVE SUMMARY: Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14632 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2017-14633 CVE STATUS: Patched CVE SUMMARY: In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14633 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2018-10392 CVE STATUS: Patched CVE SUMMARY: mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10392 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2018-10393 CVE STATUS: Patched CVE SUMMARY: bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10393 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2020-20412 CVE STATUS: Patched CVE SUMMARY: lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20412 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2016-9085 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9085 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2016-9969 CVE STATUS: Patched CVE SUMMARY: In libwebp 0.5.1, there is a double free bug in libwebpmux. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9969 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25009 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25009 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25010 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25010 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25011 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25011 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25012 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25012 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25013 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25013 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25014 CVE STATUS: Patched CVE SUMMARY: A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25014 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36328 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36328 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36329 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36329 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36330 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36330 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36331 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36331 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36332 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36332 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2023-1999 CVE STATUS: Patched CVE SUMMARY: There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1999 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2023-4863 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4863 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.10 CVE: CVE-2001-1387 CVE STATUS: Patched CVE SUMMARY: iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1387 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.10 CVE: CVE-2001-1388 CVE STATUS: Patched CVE SUMMARY: iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1388 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.10 CVE: CVE-2012-2663 CVE STATUS: Patched CVE SUMMARY: extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2663 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.10 CVE: CVE-2019-11360 CVE STATUS: Patched CVE SUMMARY: A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.2 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11360 LAYER: meta PACKAGE NAME: gdb PACKAGE VERSION: 14.2 CVE: CVE-2005-1704 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1704 LAYER: meta PACKAGE NAME: gdb PACKAGE VERSION: 14.2 CVE: CVE-2005-1705 CVE STATUS: Patched CVE SUMMARY: gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1705 LAYER: meta PACKAGE NAME: gdb PACKAGE VERSION: 14.2 CVE: CVE-2006-4146 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4146 LAYER: meta PACKAGE NAME: gdb PACKAGE VERSION: 14.2 CVE: CVE-2011-4355 CVE STATUS: Patched CVE SUMMARY: GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4355 LAYER: meta PACKAGE NAME: gdb PACKAGE VERSION: 14.2 CVE: CVE-2017-9778 CVE STATUS: Patched CVE SUMMARY: GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9778 LAYER: meta PACKAGE NAME: gdb PACKAGE VERSION: 14.2 CVE: CVE-2019-1010180 CVE STATUS: Patched CVE SUMMARY: GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010180 LAYER: meta PACKAGE NAME: gdb PACKAGE VERSION: 14.2 CVE: CVE-2023-39128 CVE STATUS: Patched CVE SUMMARY: GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-39128 LAYER: meta PACKAGE NAME: gdb PACKAGE VERSION: 14.2 CVE: CVE-2023-39129 CVE STATUS: Patched CVE SUMMARY: GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-39129 LAYER: meta PACKAGE NAME: gdb PACKAGE VERSION: 14.2 CVE: CVE-2023-39130 CVE STATUS: Patched CVE SUMMARY: GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-39130 LAYER: meta PACKAGE NAME: time PACKAGE VERSION: 1.9 CVE: CVE-2020-26235 CVE STATUS: Patched CVE SUMMARY: In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26235 LAYER: meta PACKAGE NAME: time PACKAGE VERSION: 1.9 CVE: CVE-2023-28756 CVE STATUS: Patched CVE SUMMARY: A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28756 LAYER: meta PACKAGE NAME: kbd PACKAGE VERSION: 2.6.4 CVE: CVE-2011-0460 CVE STATUS: Patched CVE SUMMARY: The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0460 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2005-2547 CVE STATUS: Patched CVE SUMMARY: security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2547 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2006-6899 CVE STATUS: Patched CVE SUMMARY: hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6899 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-7837 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7837 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9797 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9797 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9798 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9798 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9799 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9799 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9800 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9800 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9801 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9801 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9802 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9802 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9803 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9803 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9804 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9804 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9917 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9917 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9918 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9918 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2017-1000250 CVE STATUS: Patched CVE SUMMARY: All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000250 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2018-10910 CVE STATUS: Patched CVE SUMMARY: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10910 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2019-8921 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8921 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2019-8922 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8922 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2020-0556 CVE STATUS: Patched CVE SUMMARY: Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0556 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2020-24490 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: This issue has kernel fixes rather than bluez fixes CVE SUMMARY: Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24490 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2020-27153 CVE STATUS: Patched CVE SUMMARY: In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27153 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2021-0129 CVE STATUS: Patched CVE SUMMARY: Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-0129 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2021-3588 CVE STATUS: Patched CVE SUMMARY: The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3588 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2021-3658 CVE STATUS: Patched CVE SUMMARY: bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3658 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2021-41229 CVE STATUS: Patched CVE SUMMARY: BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41229 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2021-43400 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43400 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2022-0204 CVE STATUS: Patched CVE SUMMARY: A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0204 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2022-3563 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3563 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2022-3637 CVE STATUS: Patched CVE SUMMARY: A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 2.6 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3637 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2022-39176 CVE STATUS: Patched CVE SUMMARY: BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39176 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2022-39177 CVE STATUS: Patched CVE SUMMARY: BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39177 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2024-8805 CVE STATUS: Patched CVE SUMMARY: BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-8805 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2003-0102 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize). CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0102 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2004-1304 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1304 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2007-1536 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1536 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2007-2026 CVE STATUS: Patched CVE SUMMARY: The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2026 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2007-2799 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2799 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2009-1515 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1515 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2009-3930 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3930 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2012-1571 CVE STATUS: Patched CVE SUMMARY: file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1571 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2013-7345 CVE STATUS: Patched CVE SUMMARY: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7345 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-0207 CVE STATUS: Patched CVE SUMMARY: The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0207 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-2270 CVE STATUS: Patched CVE SUMMARY: softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2270 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3478 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3478 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3479 CVE STATUS: Patched CVE SUMMARY: The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3479 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3480 CVE STATUS: Patched CVE SUMMARY: The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3480 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3487 CVE STATUS: Patched CVE SUMMARY: The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3487 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3538 CVE STATUS: Patched CVE SUMMARY: file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3538 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3587 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3587 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-8116 CVE STATUS: Patched CVE SUMMARY: The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8116 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-8117 CVE STATUS: Patched CVE SUMMARY: softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8117 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9620 CVE STATUS: Patched CVE SUMMARY: The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9620 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9621 CVE STATUS: Patched CVE SUMMARY: The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9621 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9652 CVE STATUS: Patched CVE SUMMARY: The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9652 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9653 CVE STATUS: Patched CVE SUMMARY: readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9653 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2017-1000249 CVE STATUS: Patched CVE SUMMARY: An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000249 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2018-10360 CVE STATUS: Patched CVE SUMMARY: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10360 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-18218 CVE STATUS: Patched CVE SUMMARY: cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18218 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8904 CVE STATUS: Patched CVE SUMMARY: do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8904 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8905 CVE STATUS: Patched CVE SUMMARY: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8905 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8906 CVE STATUS: Patched CVE SUMMARY: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 4.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8906 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8907 CVE STATUS: Patched CVE SUMMARY: do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8907 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2022-48554 CVE STATUS: Patched CVE SUMMARY: File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48554 LAYER: meta PACKAGE NAME: glib-networking PACKAGE VERSION: 2.78.1 CVE: CVE-2020-13645 CVE STATUS: Patched CVE SUMMARY: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13645 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2009-5030 CVE STATUS: Patched CVE SUMMARY: The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free." CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5030 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2012-1499 CVE STATUS: Patched CVE SUMMARY: The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write." CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1499 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2012-3358 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3358 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2012-3535 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3535 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2013-1447 CVE STATUS: Patched CVE SUMMARY: OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1447 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2013-4289 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4289 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2013-4290 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4290 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2013-6045 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6045 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2013-6052 CVE STATUS: Patched CVE SUMMARY: OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6052 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2013-6053 CVE STATUS: Patched CVE SUMMARY: OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6053 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2013-6054 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6054 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2013-6887 CVE STATUS: Patched CVE SUMMARY: OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6887 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2014-0158 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS." CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0158 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2015-1239 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1239 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2015-8871 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8871 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-10504 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10504 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-10505 CVE STATUS: Patched CVE SUMMARY: NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10505 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-10506 CVE STATUS: Patched CVE SUMMARY: Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10506 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-10507 CVE STATUS: Patched CVE SUMMARY: Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10507 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-1923 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1923 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-1924 CVE STATUS: Patched CVE SUMMARY: The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1924 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-3182 CVE STATUS: Patched CVE SUMMARY: The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3182 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-3183 CVE STATUS: Patched CVE SUMMARY: The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3183 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-4796 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4796 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-4797 CVE STATUS: Patched CVE SUMMARY: Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4797 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-7163 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7163 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-7445 CVE STATUS: Patched CVE SUMMARY: convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7445 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-8332 CVE STATUS: Patched CVE SUMMARY: A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8332 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9112 CVE STATUS: Patched CVE SUMMARY: Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9112 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9113 CVE STATUS: Patched CVE SUMMARY: There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9113 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9114 CVE STATUS: Patched CVE SUMMARY: There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9114 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9115 CVE STATUS: Patched CVE SUMMARY: Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9115 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9116 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9116 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9117 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9117 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9118 CVE STATUS: Patched CVE SUMMARY: Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9118 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9572 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9572 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9573 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9573 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9580 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9580 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9581 CVE STATUS: Patched CVE SUMMARY: An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9581 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2016-9675 CVE STATUS: Patched CVE SUMMARY: openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9675 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2017-12982 CVE STATUS: Patched CVE SUMMARY: The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12982 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2017-14039 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14039 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2017-14040 CVE STATUS: Patched CVE SUMMARY: An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14040 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2017-14041 CVE STATUS: Patched CVE SUMMARY: A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14041 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2017-14151 CVE STATUS: Patched CVE SUMMARY: An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14151 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2017-14152 CVE STATUS: Patched CVE SUMMARY: A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14152 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2017-14164 CVE STATUS: Patched CVE SUMMARY: A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14164 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2017-17479 CVE STATUS: Patched CVE SUMMARY: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17479 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2017-17480 CVE STATUS: Patched CVE SUMMARY: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17480 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-14423 CVE STATUS: Patched CVE SUMMARY: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14423 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-16375 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16375 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-16376 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16376 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-18088 CVE STATUS: Patched CVE SUMMARY: OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18088 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-20845 CVE STATUS: Patched CVE SUMMARY: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20845 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-20846 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20846 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-20847 CVE STATUS: Patched CVE SUMMARY: An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20847 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-21010 CVE STATUS: Patched CVE SUMMARY: OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21010 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-5727 CVE STATUS: Patched CVE SUMMARY: In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5727 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-5785 CVE STATUS: Patched CVE SUMMARY: In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5785 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-6616 CVE STATUS: Patched CVE SUMMARY: In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6616 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2018-7648 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7648 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2019-12973 CVE STATUS: Patched CVE SUMMARY: In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12973 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2019-6988 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6988 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-15389 CVE STATUS: Patched CVE SUMMARY: jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15389 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-27814 CVE STATUS: Patched CVE SUMMARY: A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27814 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-27823 CVE STATUS: Patched CVE SUMMARY: A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27823 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-27824 CVE STATUS: Patched CVE SUMMARY: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27824 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-27841 CVE STATUS: Patched CVE SUMMARY: There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27841 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-27842 CVE STATUS: Patched CVE SUMMARY: There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27842 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-27843 CVE STATUS: Patched CVE SUMMARY: A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27843 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-27844 CVE STATUS: Patched CVE SUMMARY: A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27844 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-27845 CVE STATUS: Patched CVE SUMMARY: There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27845 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-6851 CVE STATUS: Patched CVE SUMMARY: OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-6851 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2020-8112 CVE STATUS: Patched CVE SUMMARY: opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8112 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2021-29338 CVE STATUS: Patched CVE SUMMARY: Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29338 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2021-3575 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3575 LAYER: meta-oe PACKAGE NAME: openjpeg PACKAGE VERSION: 2.5.3 CVE: CVE-2022-1122 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1122 LAYER: meta-oe PACKAGE NAME: lmbench PACKAGE VERSION: 3.0-a9 CVE: CVE-2008-4968 CVE STATUS: Patched CVE SUMMARY: The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4968 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-1999-0034 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0034 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-1999-1386 CVE STATUS: Patched CVE SUMMARY: Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1386 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2000-0703 CVE STATUS: Patched CVE SUMMARY: suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0703 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2003-0900 CVE STATUS: Patched CVE SUMMARY: Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0900 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2004-0377 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0377 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2004-0452 CVE STATUS: Patched CVE SUMMARY: Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0452 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2004-0976 CVE STATUS: Patched CVE SUMMARY: Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0976 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2004-2286 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2286 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2005-0155 CVE STATUS: Patched CVE SUMMARY: The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0155 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2005-0156 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0156 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2005-0448 CVE STATUS: Patched CVE SUMMARY: Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0448 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2005-3962 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3962 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2005-4278 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4278 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2007-5116 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5116 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2008-1927 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1927 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2008-2827 CVE STATUS: Patched CVE SUMMARY: The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2827 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2009-3626 CVE STATUS: Patched CVE SUMMARY: Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3626 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2010-1158 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1158 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2010-4777 CVE STATUS: Patched CVE SUMMARY: The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4777 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2011-0761 CVE STATUS: Patched CVE SUMMARY: Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0761 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2011-1487 CVE STATUS: Patched CVE SUMMARY: The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1487 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2011-2728 CVE STATUS: Patched CVE SUMMARY: The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2728 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2011-2939 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2939 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2012-1151 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1151 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2012-5195 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5195 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2012-6329 CVE STATUS: Patched CVE SUMMARY: The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6329 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2013-1667 CVE STATUS: Patched CVE SUMMARY: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1667 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2013-7422 CVE STATUS: Patched CVE SUMMARY: Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7422 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2014-4330 CVE STATUS: Patched CVE SUMMARY: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4330 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2015-8608 CVE STATUS: Patched CVE SUMMARY: The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8608 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2015-8853 CVE STATUS: Patched CVE SUMMARY: The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8853 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2016-1238 CVE STATUS: Patched CVE SUMMARY: (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1238 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2016-2381 CVE STATUS: Patched CVE SUMMARY: Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2381 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2016-6185 CVE STATUS: Patched CVE SUMMARY: The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6185 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2017-12814 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12814 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2017-12837 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12837 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2017-12883 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12883 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2018-12015 CVE STATUS: Patched CVE SUMMARY: In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12015 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2018-18311 CVE STATUS: Patched CVE SUMMARY: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18311 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2018-18312 CVE STATUS: Patched CVE SUMMARY: Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18312 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2018-18313 CVE STATUS: Patched CVE SUMMARY: Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18313 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2018-18314 CVE STATUS: Patched CVE SUMMARY: Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18314 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2018-6797 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6797 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2018-6798 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6798 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2018-6913 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6913 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2020-10543 CVE STATUS: Patched CVE SUMMARY: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10543 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2020-10878 CVE STATUS: Patched CVE SUMMARY: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10878 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2020-12723 CVE STATUS: Patched CVE SUMMARY: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12723 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2022-48522 CVE STATUS: Patched CVE SUMMARY: In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48522 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2023-31484 CVE STATUS: Patched CVE SUMMARY: CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31484 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2023-31486 CVE STATUS: Patched CVE SUMMARY: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31486 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2023-47038 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-47038 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2023-47039 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-47039 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2023-47100 CVE STATUS: Patched CVE SUMMARY: In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-47100 LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2024-56406 CVE STATUS: Unpatched CVE SUMMARY: A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'    Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-56406 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2009-3560 CVE STATUS: Patched CVE SUMMARY: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3560 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2009-3720 CVE STATUS: Patched CVE SUMMARY: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3720 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2012-0876 CVE STATUS: Patched CVE SUMMARY: The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0876 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2012-1147 CVE STATUS: Patched CVE SUMMARY: readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1147 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2012-1148 CVE STATUS: Patched CVE SUMMARY: Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1148 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2012-6702 CVE STATUS: Patched CVE SUMMARY: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6702 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2013-0340 CVE STATUS: Patched CVE SUMMARY: expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0340 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2015-1283 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1283 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2016-0718 CVE STATUS: Patched CVE SUMMARY: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0718 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2016-4472 CVE STATUS: Patched CVE SUMMARY: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4472 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2016-5300 CVE STATUS: Patched CVE SUMMARY: The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5300 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2017-11742 CVE STATUS: Patched CVE SUMMARY: The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11742 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2017-9233 CVE STATUS: Patched CVE SUMMARY: XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9233 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2018-20843 CVE STATUS: Patched CVE SUMMARY: In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20843 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2019-15903 CVE STATUS: Patched CVE SUMMARY: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15903 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2021-45960 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45960 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2021-46143 CVE STATUS: Patched CVE SUMMARY: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46143 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-22822 CVE STATUS: Patched CVE SUMMARY: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22822 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-22823 CVE STATUS: Patched CVE SUMMARY: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22823 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-22824 CVE STATUS: Patched CVE SUMMARY: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22824 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-22825 CVE STATUS: Patched CVE SUMMARY: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22825 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-22826 CVE STATUS: Patched CVE SUMMARY: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22826 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-22827 CVE STATUS: Patched CVE SUMMARY: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22827 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-23852 CVE STATUS: Patched CVE SUMMARY: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23852 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-23990 CVE STATUS: Patched CVE SUMMARY: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23990 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-25235 CVE STATUS: Patched CVE SUMMARY: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25235 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-25236 CVE STATUS: Patched CVE SUMMARY: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25236 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-25313 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25313 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-25314 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25314 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-25315 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25315 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-40674 CVE STATUS: Patched CVE SUMMARY: libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40674 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2022-43680 CVE STATUS: Patched CVE SUMMARY: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43680 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2023-52425 CVE STATUS: Patched CVE SUMMARY: libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-52425 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2023-52426 CVE STATUS: Patched CVE SUMMARY: libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-52426 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2024-28757 CVE STATUS: Patched CVE SUMMARY: libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-28757 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2024-45490 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-45490 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2024-45491 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-45491 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.4 CVE: CVE-2024-45492 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-45492 LAYER: meta PACKAGE NAME: cracklib PACKAGE VERSION: 2.9.11 CVE: CVE-1999-1140 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1140 LAYER: meta PACKAGE NAME: cracklib PACKAGE VERSION: 2.9.11 CVE: CVE-2016-6318 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6318 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2002-0660 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0660 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2002-0728 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0728 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2002-1363 CVE STATUS: Patched CVE SUMMARY: Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1363 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2004-0421 CVE STATUS: Patched CVE SUMMARY: The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0421 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2004-0597 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0597 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2004-0598 CVE STATUS: Patched CVE SUMMARY: The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0598 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2004-0599 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0599 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2006-0481 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0481 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2006-3334 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3334 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2006-5793 CVE STATUS: Patched CVE SUMMARY: The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5793 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2006-7244 CVE STATUS: Patched CVE SUMMARY: Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7244 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2007-2445 CVE STATUS: Patched CVE SUMMARY: The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2445 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2007-5266 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5266 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2007-5267 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5267 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2007-5268 CVE STATUS: Patched CVE SUMMARY: pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5268 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2007-5269 CVE STATUS: Patched CVE SUMMARY: Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5269 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2008-1382 CVE STATUS: Patched CVE SUMMARY: libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1382 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2008-3964 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3964 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2008-5907 CVE STATUS: Patched CVE SUMMARY: The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5907 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2008-6218 CVE STATUS: Patched CVE SUMMARY: Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6218 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2009-0040 CVE STATUS: Patched CVE SUMMARY: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0040 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2009-2042 CVE STATUS: Patched CVE SUMMARY: libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2042 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2009-5063 CVE STATUS: Patched CVE SUMMARY: Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5063 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2010-0205 CVE STATUS: Patched CVE SUMMARY: The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0205 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2010-1205 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1205 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2010-2249 CVE STATUS: Patched CVE SUMMARY: Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2249 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-0408 CVE STATUS: Patched CVE SUMMARY: pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0408 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-2501 CVE STATUS: Patched CVE SUMMARY: The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2501 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-2690 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2690 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-2691 CVE STATUS: Patched CVE SUMMARY: The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2691 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-2692 CVE STATUS: Patched CVE SUMMARY: The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2692 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-3045 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3045 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-3048 CVE STATUS: Patched CVE SUMMARY: The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3048 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-3328 CVE STATUS: Patched CVE SUMMARY: The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3328 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-3464 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3464 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2012-3425 CVE STATUS: Patched CVE SUMMARY: The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3425 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2013-6954 CVE STATUS: Patched CVE SUMMARY: The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6954 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2013-7353 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7353 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2013-7354 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7354 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2014-0333 CVE STATUS: Patched CVE SUMMARY: The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0333 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2014-9495 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9495 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2015-0973 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0973 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2015-7981 CVE STATUS: Patched CVE SUMMARY: The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7981 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2015-8126 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8126 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2015-8472 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8472 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2015-8540 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8540 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2016-10087 CVE STATUS: Patched CVE SUMMARY: The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10087 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2016-3751 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3751 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2017-12652 CVE STATUS: Patched CVE SUMMARY: libpng before 1.6.32 does not properly check the length of chunks against the user limit. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12652 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2018-13785 CVE STATUS: Patched CVE SUMMARY: In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13785 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2018-14048 CVE STATUS: Patched CVE SUMMARY: An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14048 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2018-14550 CVE STATUS: Patched CVE SUMMARY: An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14550 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2019-6129 CVE STATUS: Patched CVE SUMMARY: png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6129 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2019-7317 CVE STATUS: Patched CVE SUMMARY: png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7317 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2021-4214 CVE STATUS: Patched CVE SUMMARY: A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4214 LAYER: meta PACKAGE NAME: libidn2 PACKAGE VERSION: 2.3.7 CVE: CVE-2017-14061 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14061 LAYER: meta PACKAGE NAME: libidn2 PACKAGE VERSION: 2.3.7 CVE: CVE-2017-14062 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14062 LAYER: meta PACKAGE NAME: libidn2 PACKAGE VERSION: 2.3.7 CVE: CVE-2019-12290 CVE STATUS: Patched CVE SUMMARY: GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12290 LAYER: meta PACKAGE NAME: libidn2 PACKAGE VERSION: 2.3.7 CVE: CVE-2019-18224 CVE STATUS: Patched CVE SUMMARY: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18224 LAYER: meta PACKAGE NAME: speex PACKAGE VERSION: 1.2.1 CVE: CVE-2008-1686 CVE STATUS: Patched CVE SUMMARY: Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1686 LAYER: meta PACKAGE NAME: speex PACKAGE VERSION: 1.2.1 CVE: CVE-2020-23903 CVE STATUS: Patched CVE SUMMARY: A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-23903 LAYER: meta PACKAGE NAME: speex PACKAGE VERSION: 1.2.1 CVE: CVE-2020-23904 CVE STATUS: Patched CVE SUMMARY: A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-23904 LAYER: meta PACKAGE NAME: alsa-lib PACKAGE VERSION: 1.2.11 CVE: CVE-2005-0087 CVE STATUS: Patched CVE SUMMARY: The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0087 LAYER: meta-oe PACKAGE NAME: hwloc PACKAGE VERSION: 2.9.3 CVE: CVE-2022-47022 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47022 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2008-4201 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4201 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-26567 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26567 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32272 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32272 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32273 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32273 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32274 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32274 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32276 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32276 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32277 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32277 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32278 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32278 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2023-38857 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38857 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2023-38858 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38858 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0691 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0692 CVE STATUS: Patched CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0693 CVE STATUS: Patched CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2005-0627 CVE STATUS: Patched CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2006-4811 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-0242 CVE STATUS: Patched CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-3388 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-4137 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2009-2700 CVE STATUS: Patched CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-1766 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-2621 CVE STATUS: Patched CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-5076 CVE STATUS: Patched CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3194 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-5624 CVE STATUS: Patched CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-6093 CVE STATUS: Patched CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-0254 CVE STATUS: Patched CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-4549 CVE STATUS: Patched CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2014-0190 CVE STATUS: Patched CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-0295 CVE STATUS: Patched CVE SUMMARY: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1290 CVE STATUS: Patched CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1858 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1859 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1860 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-7298 CVE STATUS: Patched CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-9541 CVE STATUS: Patched CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10904 CVE STATUS: Patched CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10905 CVE STATUS: Patched CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-15011 CVE STATUS: Patched CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-15518 CVE STATUS: Patched CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19865 CVE STATUS: Patched CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19869 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19870 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19871 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19872 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19873 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-21035 CVE STATUS: Patched CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0569 CVE STATUS: Patched CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0570 CVE STATUS: Patched CVE SUMMARY: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-12267 CVE STATUS: Patched CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-13962 CVE STATUS: Patched CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-17507 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-24742 CVE STATUS: Patched CVE SUMMARY: An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-28025 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-3481 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-38593 CVE STATUS: Patched CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25255 CVE STATUS: Patched CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25634 CVE STATUS: Patched CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-40983 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-43591 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-24607 CVE STATUS: Patched CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-33285 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2025-30348 CVE STATUS: Unpatched CVE SUMMARY: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-30348 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2007-5503 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5503 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2014-5116 CVE STATUS: Patched CVE SUMMARY: The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5116 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2016-3190 CVE STATUS: Patched CVE SUMMARY: The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3190 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2016-9082 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9082 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2017-7475 CVE STATUS: Patched CVE SUMMARY: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7475 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2017-9814 CVE STATUS: Patched CVE SUMMARY: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9814 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2018-18064 CVE STATUS: Patched CVE SUMMARY: cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18064 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2018-19876 CVE STATUS: Patched CVE SUMMARY: cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19876 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2019-6461 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6461 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2019-6462 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6462 LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2020-35492 CVE STATUS: Patched CVE SUMMARY: A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35492 LAYER: meta-ros-common PACKAGE NAME: libyaml PACKAGE VERSION: 0.2.5 CVE: CVE-2013-6393 CVE STATUS: Patched CVE SUMMARY: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6393 LAYER: meta-ros-common PACKAGE NAME: libyaml PACKAGE VERSION: 0.2.5 CVE: CVE-2014-2525 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2525 LAYER: meta-ros-common PACKAGE NAME: libyaml PACKAGE VERSION: 0.2.5 CVE: CVE-2014-9130 CVE STATUS: Patched CVE SUMMARY: scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9130 LAYER: meta-networking PACKAGE NAME: lldpd PACKAGE VERSION: 1.0.18 CVE: CVE-2015-8011 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8011 LAYER: meta-networking PACKAGE NAME: lldpd PACKAGE VERSION: 1.0.18 CVE: CVE-2015-8012 CVE STATUS: Patched CVE SUMMARY: lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8012 LAYER: meta-networking PACKAGE NAME: lldpd PACKAGE VERSION: 1.0.18 CVE: CVE-2020-27827 CVE STATUS: Patched CVE SUMMARY: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27827 LAYER: meta-networking PACKAGE NAME: lldpd PACKAGE VERSION: 1.0.18 CVE: CVE-2021-43612 CVE STATUS: Patched CVE SUMMARY: In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43612 LAYER: meta-networking PACKAGE NAME: lldpd PACKAGE VERSION: 1.0.18 CVE: CVE-2023-41910 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-41910 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2008-2935 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2935 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2011-1202 CVE STATUS: Patched CVE SUMMARY: The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1202 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2011-3970 CVE STATUS: Patched CVE SUMMARY: libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3970 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2012-2870 CVE STATUS: Patched CVE SUMMARY: libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2870 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2012-6139 CVE STATUS: Patched CVE SUMMARY: libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6139 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2013-4520 CVE STATUS: Patched CVE SUMMARY: xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4520 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2015-7995 CVE STATUS: Patched CVE SUMMARY: The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7995 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2015-9019 CVE STATUS: Patched CVE SUMMARY: In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9019 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-1683 CVE STATUS: Patched CVE SUMMARY: numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1683 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-1684 CVE STATUS: Patched CVE SUMMARY: numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1684 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4607 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4607 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4608 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4608 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4609 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4609 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4610 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4610 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2017-5029 CVE STATUS: Patched CVE SUMMARY: The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5029 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-11068 CVE STATUS: Patched CVE SUMMARY: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11068 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-13117 CVE STATUS: Patched CVE SUMMARY: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13117 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-13118 CVE STATUS: Patched CVE SUMMARY: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13118 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-18197 CVE STATUS: Patched CVE SUMMARY: In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18197 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-5815 CVE STATUS: Patched CVE SUMMARY: Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5815 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2021-30560 CVE STATUS: Patched CVE SUMMARY: Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30560 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2022-29824 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: Static linking to libxml2 is not enabled. CVE SUMMARY: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29824 LAYER: meta PACKAGE NAME: xinit PACKAGE VERSION: 1_1.4.2 CVE: CVE-2006-4447 CVE STATUS: Patched CVE SUMMARY: X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4447 LAYER: meta-tpm PACKAGE NAME: tpm2-tools PACKAGE VERSION: 5.7 CVE: CVE-2021-3565 CVE STATUS: Patched CVE SUMMARY: A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3565 LAYER: meta PACKAGE NAME: p11-kit PACKAGE VERSION: 0.25.3 CVE: CVE-2020-29361 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29361 LAYER: meta PACKAGE NAME: p11-kit PACKAGE VERSION: 0.25.3 CVE: CVE-2020-29362 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29362 LAYER: meta PACKAGE NAME: p11-kit PACKAGE VERSION: 0.25.3 CVE: CVE-2020-29363 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29363 LAYER: meta PACKAGE NAME: mdadm PACKAGE VERSION: 4.2 CVE: CVE-2014-5220 CVE STATUS: Patched CVE SUMMARY: The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5220 LAYER: meta PACKAGE NAME: mdadm PACKAGE VERSION: 4.2 CVE: CVE-2023-28736 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28736 LAYER: meta PACKAGE NAME: mdadm PACKAGE VERSION: 4.2 CVE: CVE-2023-28938 CVE STATUS: Patched CVE SUMMARY: Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28938 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2012-2666 CVE STATUS: Patched CVE SUMMARY: golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2666 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2014-7189 CVE STATUS: Patched CVE SUMMARY: crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7189 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2015-5739 CVE STATUS: Patched CVE SUMMARY: The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5739 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2015-5740 CVE STATUS: Patched CVE SUMMARY: The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5740 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2015-5741 CVE STATUS: Patched CVE SUMMARY: The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5741 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2015-8618 CVE STATUS: Patched CVE SUMMARY: The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8618 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2016-3958 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3958 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2016-3959 CVE STATUS: Patched CVE SUMMARY: The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3959 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2016-5386 CVE STATUS: Patched CVE SUMMARY: The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5386 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2017-1000097 CVE STATUS: Patched CVE SUMMARY: On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000097 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2017-1000098 CVE STATUS: Patched CVE SUMMARY: The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000098 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2017-15041 CVE STATUS: Patched CVE SUMMARY: Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15041 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2017-15042 CVE STATUS: Patched CVE SUMMARY: An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15042 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2017-8932 CVE STATUS: Patched CVE SUMMARY: A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8932 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2018-16873 CVE STATUS: Patched CVE SUMMARY: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named ".git" by using a vanity import path that ends with "/.git". If the Git repository root contains a "HEAD" file, a "config" file, an "objects" directory, a "refs" directory, with some work to ensure the proper ordering of operations, "go get -u" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the "config" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running "go get -u". CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16873 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2018-16874 CVE STATUS: Patched CVE SUMMARY: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16874 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2018-16875 CVE STATUS: Patched CVE SUMMARY: The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16875 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2018-6574 CVE STATUS: Patched CVE SUMMARY: Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6574 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2018-7187 CVE STATUS: Patched CVE SUMMARY: The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7187 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2019-11888 CVE STATUS: Patched CVE SUMMARY: Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11888 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2019-14809 CVE STATUS: Patched CVE SUMMARY: net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14809 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2019-16276 CVE STATUS: Patched CVE SUMMARY: Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16276 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2019-17596 CVE STATUS: Patched CVE SUMMARY: Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17596 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2019-6486 CVE STATUS: Patched CVE SUMMARY: Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 8.2 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6486 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2019-9634 CVE STATUS: Patched CVE SUMMARY: Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9634 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2019-9741 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9741 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-0601 CVE STATUS: Patched CVE SUMMARY: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0601 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-14039 CVE STATUS: Patched CVE SUMMARY: In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14039 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-15586 CVE STATUS: Patched CVE SUMMARY: Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15586 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-16845 CVE STATUS: Patched CVE SUMMARY: Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16845 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-24553 CVE STATUS: Patched CVE SUMMARY: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24553 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-28362 CVE STATUS: Patched CVE SUMMARY: Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28362 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-28366 CVE STATUS: Patched CVE SUMMARY: Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28366 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-28367 CVE STATUS: Patched CVE SUMMARY: Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28367 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-28851 CVE STATUS: Patched CVE SUMMARY: In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28851 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-29509 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: The encoding/xml package in go can potentially be used for security exploits if not used correctly CVE applies to a netapp product as well as flagging a general issue. We don't ship anything exposing this interface in an exploitable way CVE SUMMARY: The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29509 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-29510 CVE STATUS: Patched CVE SUMMARY: The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29510 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-29511 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: The encoding/xml package in go can potentially be used for security exploits if not used correctly CVE applies to a netapp product as well as flagging a general issue. We don't ship anything exposing this interface in an exploitable way CVE SUMMARY: The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29511 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2020-7919 CVE STATUS: Patched CVE SUMMARY: Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7919 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-27918 CVE STATUS: Patched CVE SUMMARY: encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27918 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-27919 CVE STATUS: Patched CVE SUMMARY: archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27919 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-29923 CVE STATUS: Patched CVE SUMMARY: Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29923 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-3114 CVE STATUS: Patched CVE SUMMARY: In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3114 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-3115 CVE STATUS: Patched CVE SUMMARY: Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3115 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-31525 CVE STATUS: Patched CVE SUMMARY: net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31525 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-33194 CVE STATUS: Patched CVE SUMMARY: golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33194 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-33195 CVE STATUS: Patched CVE SUMMARY: Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33195 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-33196 CVE STATUS: Patched CVE SUMMARY: In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33196 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-33197 CVE STATUS: Patched CVE SUMMARY: In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33197 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-33198 CVE STATUS: Patched CVE SUMMARY: In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33198 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-34558 CVE STATUS: Patched CVE SUMMARY: The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-34558 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-36221 CVE STATUS: Patched CVE SUMMARY: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-36221 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-38297 CVE STATUS: Patched CVE SUMMARY: Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38297 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-39293 CVE STATUS: Patched CVE SUMMARY: In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39293 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-41771 CVE STATUS: Patched CVE SUMMARY: ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41771 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-41772 CVE STATUS: Patched CVE SUMMARY: Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41772 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-44716 CVE STATUS: Patched CVE SUMMARY: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44716 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2021-44717 CVE STATUS: Patched CVE SUMMARY: Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 4.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44717 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-1705 CVE STATUS: Patched CVE SUMMARY: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1705 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-1962 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1962 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-23772 CVE STATUS: Patched CVE SUMMARY: Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23772 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-23773 CVE STATUS: Patched CVE SUMMARY: cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23773 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-23806 CVE STATUS: Patched CVE SUMMARY: Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23806 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-24675 CVE STATUS: Patched CVE SUMMARY: encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24675 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-24921 CVE STATUS: Patched CVE SUMMARY: regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24921 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-27536 CVE STATUS: Patched CVE SUMMARY: Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27536 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-27664 CVE STATUS: Patched CVE SUMMARY: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27664 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-28131 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28131 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-28327 CVE STATUS: Patched CVE SUMMARY: The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28327 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-2879 CVE STATUS: Patched CVE SUMMARY: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2879 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-2880 CVE STATUS: Patched CVE SUMMARY: Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2880 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-29526 CVE STATUS: Patched CVE SUMMARY: Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29526 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-29804 CVE STATUS: Patched CVE SUMMARY: Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29804 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-30580 CVE STATUS: Patched CVE SUMMARY: Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30580 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-30629 CVE STATUS: Patched CVE SUMMARY: Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30629 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-30630 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30630 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-30631 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30631 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-30632 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30632 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-30633 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30633 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-30634 CVE STATUS: Patched CVE SUMMARY: Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30634 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-30635 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30635 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-32148 CVE STATUS: Patched CVE SUMMARY: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32148 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-32189 CVE STATUS: Patched CVE SUMMARY: A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32189 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-32190 CVE STATUS: Patched CVE SUMMARY: JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32190 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-41715 CVE STATUS: Patched CVE SUMMARY: Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41715 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-41716 CVE STATUS: Patched CVE SUMMARY: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D". CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41716 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-41717 CVE STATUS: Patched CVE SUMMARY: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41717 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-41720 CVE STATUS: Patched CVE SUMMARY: On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41720 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-41722 CVE STATUS: Patched CVE SUMMARY: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41722 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-41723 CVE STATUS: Patched CVE SUMMARY: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41723 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-41724 CVE STATUS: Patched CVE SUMMARY: Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41724 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2022-41725 CVE STATUS: Patched CVE SUMMARY: A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41725 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-24532 CVE STATUS: Patched CVE SUMMARY: The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24532 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-24534 CVE STATUS: Patched CVE SUMMARY: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24534 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-24536 CVE STATUS: Patched CVE SUMMARY: Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24536 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-24537 CVE STATUS: Patched CVE SUMMARY: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24537 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-24538 CVE STATUS: Patched CVE SUMMARY: Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24538 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-24539 CVE STATUS: Patched CVE SUMMARY: Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24539 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-24540 CVE STATUS: Patched CVE SUMMARY: Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24540 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-29400 CVE STATUS: Patched CVE SUMMARY: Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29400 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-29402 CVE STATUS: Patched CVE SUMMARY: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29402 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-29403 CVE STATUS: Patched CVE SUMMARY: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29403 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-29404 CVE STATUS: Patched CVE SUMMARY: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29404 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-29405 CVE STATUS: Patched CVE SUMMARY: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29405 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-29406 CVE STATUS: Patched CVE SUMMARY: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29406 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-29409 CVE STATUS: Patched CVE SUMMARY: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29409 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.12 CVE: CVE-2023-39318 CVE STATUS: Patched CVE SUMMARY: The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in