SUSE CVE-2018-9154

There is a reachable abort in the function jpcdecprocesssot in libjasper/jpc/jpcdec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jasalloc2 return value, a different vulnerability than CVE-2017-13745...

SUSE CVE-2018-11203

A division by zero was discovered in H5Dbtreedecodekey in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack...

SUSE CVE-2018-11206

An out of bounds read was discovered in H5Ofillnewdecode and H5Ofillolddecode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack...

SUSE CVE-2018-13301

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ffmpeg4decodepictureheader function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service...

SUSE CVE-2018-13348

The mpatchdecode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001...

SUSE CVE-2018-13866

An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5Faddrdecodelen in H5Fint.c...

SUSE CVE-2018-13869

An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5Olinkdecode in H5Olink.c...

SUSE CVE-2018-13870

An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Olinkdecode in H5Olink.c...

SUSE CVE-2018-14033

An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Olayoutdecode in H5Olayout.c, related to HDmemcpy...

SUSE CVE-2018-14046

Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp...

SUSE CVE-2018-14435

ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c...

SUSE CVE-2018-14460

An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Osdspacedecode in H5Osdspace.c...

SUSE CVE-2018-14524

dwgdecodeeed in decode.c in GNU LibreDWG before 0.6 leads to a double free in dwgfreeeed in free.c because it does not properly manage the obj-eed value after a free occurs...

SUSE CVE-2018-17206

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6. The decodebundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding...

SUSE CVE-2018-18826

There exists a heap-based buffer overflow in vc1decodepmbintfi in vc1block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file...

SUSE CVE-2018-18828

There exists a heap-based buffer overflow in vc1decodeiblockadv in vc1block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file...

SUSE CVE-2018-18956

The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service segfault and daemon crash via crafted input to the SMTP parser, as exploited in the wild in November 2018...

SUSE CVE-2018-19130

In Libav 12.3, there is an invalid memory access in vc1decodeframe in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127...

SUSE CVE-2018-19542

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2decode in libjasper/jp2/jp2dec.c, leading to a denial of service...

SUSE CVE-2018-20001

In Libav 12.3, there is a floating point exception in the rangedecodeculshift function called from rangedecodebits in libavcodec/apedec.c that will lead to remote denial of service via crafted input...