5152 matches found
CVE-2019-1010182
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later...
CVE-2019-1010183
The CVE-2019-1010183 entry concerns the Rust serde_yaml library (versions 0.6.0–0.8.3). The root cause is Uncontrolled Recursion in the from_* deserialization functions, enabling a Denial of Service when parsing a malicious YAML file. The impact is described as availability impact (Partial in CVS...
CVE-2019-1010183
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later...
Security update for libsass (moderate)
openSUSE Security Update: Security update for libsass Announcement ID: openSUSE-SU-2019:1800-1 Rating: moderate References: 1096894 1118301 1118346 1118348 1118349 1118351 1119789 1121943 1121944 1121945 1133200 1133201 Cross-References: CVE-2018-11499 CVE-2018-19797 CVE-2018-19827 CVE-2018-19837...
OPENSUSE-SU-2019:1791-1 Security update for libsass
This update for libsass to version 3.6.1 fixes the following issues: Security issues fixed: - CVE-2019-6283: Fixed heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) (boo#1121943). - CVE-2019-6284: Fixed heap-based buffer over-read exists in Sass::Prelexer::alternatives (boo#1121944). -...
openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service
Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so...
CVE-2019-13288
In Xpdf 4.01.01, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646...
Design/Logic Flaw
In Xpdf 4.01.01, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646...
UBUNTU-CVE-2019-13288
In Xpdf 4.01.01, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646...
EUVD-2019-4794
In Xpdf 4.01.01, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646...
CVE-2019-13288
CVE-2019-13288 affects Xpdf 4.01.01: the Parser::getObj() function in Parser.cc may recurse infinitely when processing a crafted file, enabling a remote DoS. Connected Debian tracker confirms the same description. No explicit remediation or affected versions beyond the cited release are provided ...
PT-2019-13240 · Xpdf · Xpdf
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: The issue allows a remote attacker to cause a denial-of-service (DoS) attack via a crafted file, leveraging infinite recursion in the Parser::getObj function. Recommendations: For Xpdf version 4.01.01, as a...
CVE-2019-13129
On the Motorola router CX2L MWR04L 1.01, there is a stack consumption infinite recursion issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling...
haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion...
Amazon Linux 2 : poppler (ALAS-2019-1217)
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack. Poppler versions later than 0.41.0 are not affected. (CVE-2018-10768) The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows...