461 matches found
Advisory ROSA-SA-2021-1883
Software: libplist 1.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-6435 CVE-Crit: MEDIUM CVE-DESC: The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory corruption via a created plist file. CVE-STATUS: default CVE-REV: default CVE-I...
Advisory ROSA-SA-2021-1865
Software: libcroco 0.6.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-7960 CVE-Crit: MEDIUM CVE-DESC: The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer re-read via a crafted CSS file. CVE-STATUS: default CVE-REV:...
EulerOS 2.0 SP3 : soundtouch (EulerOS-SA-2021-1849)
According to the versions of the soundtouch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock...
EulerOS 2.0 SP3 : libplist (EulerOS-SA-2021-1812)
According to the versions of the libplist package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process...
MediaTek LinkIt SDK Input Validation Error Vulnerability
MediaTek LinkIt SDK is a MediaTek LinkIt open source application. An input validation error vulnerability exists in MediaTek LinkIt SDK versions prior to 4.6.1. It stems from an incorrect memory allocation that can lead to arbitrary memory allocation, which can result in unexpected behavior such as...
EulerOS 2.0 SP5 : soundtouch (EulerOS-SA-2021-1705)
According to the versions of the soundtouch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock...
PT-2021-4249 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.3 Description: The issue is related to the netback driver in the Linux kernel, which lacks proper error handling for certain conditions such as failed memory allocations. This can lead to a denial of service...
libuv: buffer overflow in realpath
A flaw has been found in libuv. The realpath implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
DEBIAN-CVE-2020-25665
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can cause an out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory. This could cause...
libuv: buffer overflow in realpath
A flaw has been found in libuv. The realpath implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
EulerOS 2.0 SP3 : libplist (EulerOS-SA-2020-2125)
According to the versions of the libplist package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory allocation...
SUSE SLED15 / SLES15 Security Update : libcroco (SUSE-SU-2020:1535-1)
This update for libcroco fixes the following issues : Security issues fixed : CVE-2017-8834: Fixed denial of service memory allocation error via a crafted CSS file bsc1043898. CVE-2017-8871: Fixed denial of service infinite loop and CPU consumption via a crafted CSS file bsc1043899. Note that...
openSUSE Security Update : libcroco (openSUSE-2020-780)
This update for libcroco fixes the following issues : Security issues fixed : - CVE-2017-8834: Fixed denial of service memory allocation error via a crafted CSS file bsc1043898. - CVE-2017-8871: Fixed denial of service infinite loop and CPU consumption via a crafted CSS file bsc1043899. This upda...
EulerOS Virtualization for ARM 64 3.0.2.0 : libcroco (EulerOS-SA-2020-1559)
According to the versions of the libcroco package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-1475)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2020-1473)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the 'crafted image file'...
[SECURITY] [DLA 2168-1] libplist security update
Package : libplist Version : 1.11-3+deb8u1 CVE ID : CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-6435 CVE-2017-6436 CVE-2017-6439 CVE-2017-7982 Debian Bug : 851196 852385 854000 860945 libplist is a library for reading and writing the Apple binary and XML property lists format...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2019-2694)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2019-2605)
The remote host is missing an update for the Huawei EulerOS...
ALPINE-CVE-2019-19344
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc while other local variables still point at the original buffer...