Lucene search

5150 matches found

RustSec
added 2018/09/17 12:0 p.m. · 18 views

Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth. Note: clap 2.33 is not...

7.5 CVSS · 3.9 AI score · 0.00361 EPSS
Exploits 0 · Affected Software 1
OSV
added 2018/09/17 12:0 p.m. · 18 views

RUSTSEC-2018-0006 Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth. Note: clap 2.33 is not...

7.5 CVSS · 7.5 AI score · 0.00361 EPSS
Exploits 0 · References 3
OSV
added 2018/09/17 12:0 p.m. · 9 views

RUSTSEC-2018-0005 Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth...

7 AI score
Exploits 0 · References 3
RustSec
added 2018/09/17 12:0 p.m. · 12 views

Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth...

4.5 AI score
Exploits 0 · Affected Software 1
OSV
added 2018/09/12 2:29 p.m. · 7 views

CVE-2017-1082

In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if th...

7.5 CVSS · 6.8 AI score · 0.00538 EPSS
Exploits 1 · References 1
RedhatCVE
added 2018/09/12 6:49 a.m. · 25 views

CVE-2018-16426

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs...

4.3 CVSS · 1.4 AI score · 0.00204 EPSS
Exploits 1 · References 2
RedhatCVE
added 2018/09/07 6:19 p.m. · 37 views

CVE-2018-16646

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack...

6.5 CVSS · 5.2 AI score · 0.02049 EPSS
Exploits 1 · References 2
Mageia
added 2018/09/07 10:15 a.m. · 30 views

Updated sleuthkit packages fix security vulnerabilities

Updated sleuthkit packages fix security vulnerabilities: In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls (CVE-2017-13755). In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk...

8.1 CVSS · 1.4 AI score · 0.00295 EPSS
Exploits 6 · References 2
Mageia
added 2018/09/07 10:15 a.m. · 39 views

Updated libxkbcommon packages fix security vulnerabilities

Updated libxkbcommon packages fix security vulnerabilities: Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (CVE-2018-15853)...

7.8 CVSS · 1.8 AI score · 0.0008 EPSS
Exploits 0 · References 2
CNVD
added 2018/09/07 12:0 a.m. · 1 views

Poppler Infinite Recursion Vulnerability

Poppler is a PDF rendering library based on the xpdf-3.0 code base. An infinite recursion vulnerability exists in the Parser::getObj function in Parser.cc in Poppler 0.68.0, which can be exploited by a remote attacker via a specially crafted file to cause a denial of service...

6.5 CVSS · 6.3 AI score · 0.02049 EPSS
Exploits 1 · References 1
NVD
added 2018/09/06 11:29 p.m. · 23 views

CVE-2018-16646

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack...

6.5 CVSS · 5.9 AI score · 0.02049 EPSS
Exploits 1 · References 8
OSV
added 2018/09/06 11:29 p.m. · 1 views

DEBIAN-CVE-2018-16646

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack...

6.5 CVSS · 7.5 AI score · 0.02049 EPSS
Exploits 1 · References 1
Snyk
added 2018/09/06 11:29 p.m. · 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. Details: Denial of Service (DoS) describes a family o...

6.5 CVSS · 7.2 AI score · 0.02049 EPSS
Exploits 1 · References 2
Cvelist
added 2018/09/06 11:0 p.m. · 22 views

CVE-2018-16646

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack...

5.9 AI score · 0.02049 EPSS
Exploits 1 · References 8
CVE
added 2018/09/06 11:0 p.m. · 153 views

CVE-2018-16646

CVE-2018-16646 affects Poppler, where in version 0.68.0 the Parser::getObj() function in Parser.cc may trigger infinite recursion via a crafted file, enabling remote DoS. Public disclosures in connected advisories confirm the issue and link it to Poppler-based components. Remediation actions acro...

6.5 CVSS · 5.8 AI score · 0.02049 EPSS
Exploits 1 · References 8 · Affected Software 1
UbuntuCve
added 2018/09/06 12:0 a.m. · 34 views

CVE-2018-16646

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack...

6.5 CVSS · 6.7 AI score · 0.02049 EPSS
Exploits 1 · References 3
OSV
added 2018/09/06 12:0 a.m. · 1 views

UBUNTU-CVE-2018-16646

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack...

6.5 CVSS · 6.6 AI score · 0.02049 EPSS
Exploits 1 · References 4
Positive Technologies
added 2018/09/06 12:0 a.m. · 7 views

PT-2018-3607 · Poppler +4

Name of the Vulnerable Software and Affected Versions: Poppler version 0.68.0. Description: The issue is related to the Parser::getObj function in the Poppler library for rendering PDF files, which can cause infinite recursion when processing a crafted file. This can be exploited by a remote...

9.8 CVSS · 6 AI score · 0.03439 EPSS
Exploits 20 · References 197
OSV
added 2018/09/04 12:29 a.m. · 1 views

DEBIAN-CVE-2018-16426

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs...

4.3 CVSS · 6.8 AI score · 0.00204 EPSS
Exploits 1 · References 1
NVD
added 2018/09/04 12:29 a.m. · 16 views

CVE-2018-16426

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs...

4.3 CVSS · 5.2 AI score · 0.00204 EPSS
Exploits 1 · References 5