RSS   Vulnerabilities for 'Linux enterprise server'   RSS

2019-03-21
 
CVE-2017-16232

CWE-399
 

 
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.

 
2018-11-25
 
CVE-2018-19543

CWE-119
 

 
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

 
 
CVE-2018-19542

CWE-476
 

 
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

 
 
CVE-2018-19541

CWE-125
 

 
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.

 
 
CVE-2018-19540

CWE-119
 

 
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.

 
 
CVE-2018-19539

CWE-284
 

 
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

 
2018-10-31
 
CVE-2018-18873

CWE-476
 

 
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

 
2018-10-22
 
CVE-2018-18585

CWE-476
 

 
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

 
 
CVE-2018-18584

CWE-787
 

 
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

 
2018-10-09
 
CVE-2018-17962

CWE-119
 

 
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

 


Copyright 2019, cxsecurity.com

 

Back to Top