CVE-2019-19648

2019-12-0901:15:10

Google

osv.dev

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.9%

JSON

In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

CPENameOperatorVersion
yaraeq3.3.0
yaraeq3.0.0
yaraeq3.8.0
yaraeq3.10.0-rc1
yaraeq3.9.0
yaraeq3.2.0
yaraeq3.6.0
yaraeq2.1.0
yaraeq3.11.0
yaraeq3.4.0

Name	Operator	Version
yara	eq	3.3.0
yara	eq	3.0.0
yara	eq	3.8.0
yara	eq	3.10.0-rc1
yara	eq	3.9.0
yara	eq	3.2.0
yara	eq	3.6.0
yara	eq	2.1.0
yara	eq	3.11.0
yara	eq	3.4.0

Rows per page:

1-10 of 151

References

github.com/VirusTotal/yara/issues/1178

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/