
18 matches found

RedhatCVE
added 2024/02/05 7:11 a.m., 28 views

CVE-2020-36773

An out-of-bounds write, and a use-after-free flaw was found in Ghostscript. The flaw is present in devices/vector/gdevtxtw.c, for txtwrite, due to a single character code in a PDF document that can map to more than one Unicode code point for example, a ligature. Mitigation Mitigation for this iss...

9.8 CVSS, 9.2 AI score, 0.00106 EPSS
Exploits 0, References 7
Prion
added 2024/02/04 6:16 p.m., 18 views

Design/Logic Flaw

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...

7.5 CVSS, 7.5 AI score, 0.00106 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2024/02/04 6:16 p.m., 20 views

CVE-2020-36773

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...

9.8 CVSS, 7.1 AI score
Exploits 0, References 4
Cvelist
added 2024/02/04 12:0 a.m., 15 views

CVE-2020-36773

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...

9.5 AI score, 0.00106 EPSS
Exploits 0, References 4
Debian CVE
added 2024/02/04 12:0 a.m., 29 views

CVE-2020-36773

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...

9.8 CVSS, 9.6 AI score, 0.00106 EPSS
Exploits 0
OSV
added 2022/06/27 10:10 p.m., 13 views

CVE-2022-31100 Reachable Assertion in rulex

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to...

6.5 CVSS, 6.8 AI score, 0.0042 EPSS
Exploits 0, References 4
Github Security Blog
added 2022/06/21 8:12 p.m., 15 views

Reachable Assertion in rulex

Impact When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result...

6.5 CVSS, 6.5 AI score, 0.0042 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2022/05/21 12:0 p.m., 15 views

RUSTSEC-2022-0031 Panic due to improper UTF-8 indexing

When parsing untrusted rulex expressions, rulex may panic, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. The...

6.5 CVSS, 6.4 AI score, 0.0042 EPSS
Exploits 0, References 3
RustSec
added 2022/05/21 12:0 p.m., 22 views

Panic due to improper UTF-8 indexing

When parsing untrusted rulex expressions, rulex may panic, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. The...

6.5 CVSS, 1.2 AI score, 0.0042 EPSS
Exploits 0, Affected Software 1
OPENSUSE Linux
added 2022/03/15 12:0 a.m., 25 views

Security update for chrony (moderate)

openSUSE Security Update: Security update for chrony Announcement ID: openSUSE-SU-2022:0845-1 Rating: moderate References: 1099272 1115529 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1181826 1187906 1190926 1194229 SLE-17334 Cross-References: CVE-2020-14367 CVSS scores: CVE-2020-14367...

6 CVSS, 6.7 AI score, 0.00274 EPSS
Exploits 0, References 14
OSV
added 2017/08/25 8:29 a.m., 0 views

CVE-2017-13692

In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service Segmentation Fault, as demonstrated by an invalid ISALNUM argument...

7.5 CVSS, 5.8 AI score
Exploits 0, References 2
OSV
added 2017/05/24 3:29 p.m., 2 views

ALPINE-CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token and...

9.8 CVSS, 7.6 AI score, 0.01242 EPSS
Exploits 1, References 1
NVD
added 2017/05/24 3:29 p.m., 33 views

CVE-2017-9225

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in...

9.8 CVSS, 9.7 AI score, 0.00223 EPSS
Exploits 1, References 2
Tenable Nessus
added 2017/04/24 12:0 a.m., 33 views

Fedora 25 : pcre2 (2017-9c6430c2e2)

This release fixes a crash when finding a Unicode property for a character with a code point greater than 0x10ffff in UTF-32 library while UTF mode is disabled and JIT mode is enabled. It also fixes an incorrect cast in UTF validation routine. Note that Tenable Network Security has extracted the...

7.5 CVSS, 7.5 AI score, 0.07102 EPSS
Exploits 0, References 2
Oracle linux
added 2016/05/12 12:0 a.m., 72 views

ntp security and bug fix update

4.2.6p5-10 - don't accept server/peer packets with zero origin timestamp CVE-2015-8138 - fix crash with reslist command CVE-2015-7977, CVE-2015-7978 4.2.6p5-9 - fix crash with invalid logconfig command CVE-2015-5194 - fix crash when referencing disabled statistic type CVE-2015-5195 - don't hang i...

5 CVSS, 0.9 AI score, 0.42548 EPSS
Exploits 2
Oracle linux
added 2015/11/23 12:0 a.m., 80 views

ntp security, bug fix, and enhancement update

4.2.6p5-22 - check origin timestamp before accepting KoD RATE packet CVE-2015-7704 - allow only one step larger than panic threshold with -g CVE-2015-5300 4.2.6p5-20 - validate lengths of values in extension fields CVE-2014-9297 - drop packets with spoofed source address ::1 CVE-2014-9298 - rejec...

6.8 CVSS, 0.9 AI score, 0.36837 EPSS
Exploits 0
Tenable Nessus
added 2013/07/12 12:0 a.m., 28 views

Oracle Linux 5 : kernel (ELSA-2012-1323-1)

From Red Hat Security Advisory 2012:1323 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System...

7.8 CVSS, 6.6 AI score, 0.07001 EPSS
Exploits 7, References 5
Cent OS
added 2012/10/03 11:39 a.m., 71 views

kernel security update

CentOS Errata and Security Advisory CESA-2012:1323 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scorin...

7.8 CVSS, 6.8 AI score, 0.07001 EPSS
Exploits 7, References 7