5833 matches found
SUSE-SU-2018:1221-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: An unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest (bsc#1087088). - CVE-2018-8897: An...
CVE-2018-6246
In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android:...
PYSEC-2018-125
Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read...
ALPINE-CVE-2018-10779
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff...
DEBIAN-CVE-2018-10779
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff...
UBUNTU-CVE-2018-10767
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack...
UBUNTU-CVE-2018-10733
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack...
php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function
A data leak was found in gdImageCreateFromGifCtx in GD Graphics Library used in PHP before 5.6.31 and 7.1.7. An attacker could craft a malicious GIF image and read up to 762 bytes from stack...
php: buffer over-read in finish_nested_data function
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP...
Buffer Overread
libvorbis.so is vulnerable to buffer overreads. The application lacks an array length check in the bark_noise_hybridmp method in psy.c, leading to a buffer overread that can lead to sensitive information being disclosed or the application crashing...
The vulnerability of the `wma_unified_bcntx_status_event_handler` function in the Android WLAN operating system component from the CAF repository allows a perpetrator to execute arbitrary code.
The vulnerability of the `wma_unified_bcntx_status_event_handler` function in the Android WLAN operating system from the CAF repository involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within a privileged proces...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read. bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. Remediation: There is no fixed version for vorbis. References: - Gitlab.xiph.org...
ALPINE-CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read...
DEBIAN-CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read...
UBUNTU-CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read...
AZL-7277 CVE-2018-10393 affecting package libvorbis for versions less than 1.3.7-1
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read...
Xiph.Org libvorbis 'bark_noise_hybridmp' function stack buffer out-of-bounds read vulnerability
Xiph.Org libvorbis is an open source library of audio encoding and decoding functions for medium to high quality audio at fixed or variable bit rates. A stack buffer out-of-bounds read vulnerability exists in the 'bark_noise_hybridmp' function of the psy.c file in Xiph.Org libvorbis version 1.3.6. ...
DEBIAN-CVE-2018-10372
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf...
Ubuntu: Security Advisory (USN-3631-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu: Security Advisory (USN-3631-2)
The remote host is missing an update for the...