2 matches found
USN-8080-1: YARA vulnerabilities
Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS...
CVE-2019-19648
CVE-2019-19648 affects YARA 3.11.0 in macho_parse_file (macho/macho.c) where command_size may not match the actual size, enabling an out-of-bounds memory access that can cause DoS (crash) or potential code execution via a crafted Mach-O file. Connected sources confirm the vulnerability in YARA an...