CVE-2018-12504

CVE-2018-12504 affects tinyexr 0.9.5, with an assertion failure in ComputeChannelLayout in tinyexr.h. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CNVD-like entries, OSV, etc.). The vulnerability centers on tinyexr 0.9.5 and its ComputeChannelLayout function; exploitation ...

CVE-2018-12504

tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h...

CVE-2018-12504

tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h...

Design/Logic Flaw

An inconsistent bits-per-sample value in the ffmpeg4decodepictureheader function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...

CVE-2018-12459

An inconsistent bits-per-sample value in the ffmpeg4decodepictureheader function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...

DEBIAN-CVE-2018-12459

An inconsistent bits-per-sample value in the ffmpeg4decodepictureheader function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...

CVE-2018-12458

An improper integer type in the mpeg4encodegopheader function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...

CVE-2018-12459

An inconsistent bits-per-sample value in the ffmpeg4decodepictureheader function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...

MGASA-2018-0281 Updated jasper packages fix security vulnerabilities

Updated japser packages fix security vulnerabilities: An assertion failure was possible to trigger in JPCNOMINALGAIN CVE-2016-9396. Denial of service via a reachable assertion in the function jpcfirstone in libjasper/jpc/jpcmath.c could lead to denial of service CVE-2018-9055...

Updated jasper packages fix security vulnerabilities

Updated japser packages fix security vulnerabilities: An assertion failure was possible to trigger in JPCNOMINALGAIN CVE-2016-9396. Denial of service via a reachable assertion in the function jpcfirstone in libjasper/jpc/jpcmath.c could lead to denial of service CVE-2018-9055...

openSUSE Security Update : opencv (openSUSE-2018-534)

This update for opencv fixes the following issues : - CVE-2018-5268: Fixed a heap-based buffer overflow in incv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmtjpeg2000.cppwhen parsing a crafted image file. boo1075017 - CVE-2017-17760: Fixed an buffer overflow in function...

Security update for opencv (important)

This update for opencv fixes the following issues: - CVE-2018-5268: Fixed a heap-based buffer overflow in incv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmtjpeg2000.cppwhen parsing a crafted image file. boo1075017 - CVE-2017-17760: Fixed an buffer overflow in function...

MuPDF Denial of Service Vulnerability (CNVD-2018-10365)

Artifex MuPDF is the United States Artifex Software, Inc. of a free, lightweight PDF reader. PDF parser is one of the PDF parser. Artifex MuPDF 1.12.0 and previous versions of the PDF parser has a security vulnerability. An attacker can exploit this vulnerability to cause a denial of service...

GNU glibc < 2.27 - Local Buffer Overflow

GNU glibc Vendor Homepage: http://www.gnu.org/ CVE: CVE-2018-11237 POC: $ cat mempcpy.c define GNUSOURCE 1 include include define N 97699 char aN; char bN+128; int main void memset a, 'x', N; char c = mempcpy b, a, N; assert c == 0; $ gcc -g mempcpy.c -o mempcpy -fno-builtin-mempcpy $ ./mempcpy...

Bypassing Signature Validation

simplesamlphp is vulnerable to bypassing signature validation. There is a flaw in signature verification on SAML assertions which allows construction of a crafted SAML assertion on behalf of an Identity Provider. Consequently, an attacker can impersonate a user from that Identity Provider...

ISC BIND Multiple Denial of Service Vulnerabilities (May 2018)

ISC BIND is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind";...

GNU C Library Buffer Overflow Vulnerability (CNVD-2018-10058)

The GNU C Library a.k.a. glibc, libc6 is an open-source, free C language compiler released under the LGPL license. A buffer overflow vulnerability exists in mempcpyavx512novzeroupper in GNU C Library version 2.27 and earlier. An attacker can exploit this vulnerability to cause an assertion failur...

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service DoS attacks. The application does not properly assert that a value in the TIFFWriteDirectoryTagCheckedRational function of tifdirwrite.c is valid, leading to an assertion failure that can crash the application...

FreeBSD : BIND -- multiple vulnerabilities (94599fe0-5ca3-11e8-8be1-d05099c0ae8c)

ISC reports : An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. A problem with the implementation of the new serve-stale feature in BIND 9.12 can le...

BIND -- multiple vulnerabilities

ISC reports: An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. A problem with the implementation of the new serve-stale feature in BIND 9.12 can lea...