
3202 matches found

OpenVAS
added 2020/08/17 12:0 a.m. · 21 views

Wireshark Security Update (wnpa-sec-2020-10) - Mac OS X

Wireshark is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.5 · AI score 6.6 · EPSS 0.02889
Exploits: 1 · References: 2
RedhatCVE
added 2020/08/14 7:14 a.m. · 34 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 4.3 · AI score 2 · EPSS 0.02889
Exploits: 1 · References: 4
OSV
added 2020/08/13 4:15 p.m. · 1 views

DEBIAN-CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 6.5 · AI score 7 · EPSS 0.02889
Exploits: 1 · References: 1
OSV
added 2020/08/13 4:15 p.m. · 20 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 6.5 · AI score 6.5
Exploits: 0 · References: 9
NVD
added 2020/08/13 4:15 p.m. · 16 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 6.5 · AI score 6.4 · EPSS 0.02889
Exploits: 1 · References: 9
Prion
added 2020/08/13 4:15 p.m. · 22 views

Double free

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 4.3 · AI score 6.3 · EPSS 0.02889
Exploits: 1 · References: 9 · Affected Software: 4
UbuntuCve
added 2020/08/13 4:15 p.m. · 27 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 6.5 · AI score 6.9 · EPSS 0.02889
Exploits: 1 · References: 5
OSV
added 2020/08/13 4:15 p.m. · 0 views

UBUNTU-CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 6.5 · AI score 7.1 · EPSS 0.02889
Exploits: 1 · References: 6
Cvelist
added 2020/08/13 3:55 p.m. · 20 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

AI score 6.4 · EPSS 0.02889
Exploits: 1 · References: 9
AlpineLinux
added 2020/08/13 3:55 p.m. · 37 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 6.5 · AI score 6.6 · EPSS 0.02889
Exploits: 1
Positive Technologies
added 2020/08/13 12:0 a.m. · 4 views

PT-2020-6481 · Openexr +5

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta
Description: A flaw in the Dwa decompression functionality of OpenEXR's IlmImf library can cause a NULL pointer dereference when processing a crafted input file supplied by an attacker. This could lead to ...

CVSS 7.5 · AI score 6 · EPSS 0.01848
Exploits: 5 · References: 127
Veracode
added 2020/08/07 4:31 a.m. · 12 views

Denial Of Service (DoS)

itextsharp is vulnerable to denial of service. An attacker is able to crash the application via decompression bombs in PDF streams passed to it...

AI score 3.1
Exploits: 0
CNVD
added 2020/08/02 12:0 a.m. · 3 views

File Upload Vulnerability in MetInfo 7.1.0 Backend of Changsha Mito Information Technology Co.

MetInfo is a free, open source CMS building system suitable for building enterprise sites. A file upload vulnerability exists in the backend of MetInfo 7.1.0 from Changsha Mito Information Technology Co., Ltd. Attackers can exploit the vulnerability to upload malicious compressed packages and then decompress...

AI score 7
Exploits: 0
RedHat Linux
added 2020/07/29 6:6 a.m. · 1 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

CVSS 7.5 · AI score 7.3 · EPSS 0.09438
Exploits: 0 · References: 4
OSV
added 2020/07/27 8:26 p.m. · 9 views

SUSE-SU-2020:2057-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues:
- Add 0019-FLI-overflow-error-fix-and-testcase.patch Fixes CVE-2016-0775, bsc965582
- Add 0020-Fix-OOB-reads-in-FLI-decoding.patch Fixes CVE-2020-10177, bsc1173413
- Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch Fixes...

CVSS 9.8 · AI score 6.7 · EPSS 0.0369
Exploits: 0 · References: 17
RedHat Linux
added 2020/07/23 3:10 p.m. · 2 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

CVSS 7.5 · AI score 7.3 · EPSS 0.09438
Exploits: 0 · References: 4
OSV
added 2020/07/22 9:49 p.m. · 7 views

OSV-2020-1016 UNKNOWN READ in blosc_run_decompression_with_context

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23717
Crash type: UNKNOWN READ
Crash state: blosc_run_decompression_with_context blosc_decompress fuzz_decompress.c...

AI score 7.2
Exploits: 0 · References: 1
OSV
added 2020/06/29 9:15 p.m. · 3 views

AZL-44193 CVE-2020-15389 affecting package openjpeg2 2.3.1-12

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice...

CVSS 6.5 · AI score 7 · EPSS 0.02595
Exploits: 0 · References: 1
Positive Technologies
added 2020/06/29 12:0 a.m. · 3 views

PT-2020-4486 · Openjpeg +9

Name of the Vulnerable Software and Affected Versions: OpenJPEG versions through 2.3.1
Description: The issue is related to a use-after-free in the jp2/opj_decompress.c component of the OpenJPEG library, which can be triggered by a mix of valid and invalid files in a directory operated on by the...

CVSS 8.8 · AI score 6.4 · EPSS 0.04932
Exploits: 11 · References: 212
Fedora
added 2020/06/26 1:8 a.m. · 10 views

[SECURITY] Fedora 31 Update: suricata-4.1.8-1.fc31

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

AI score 0.2
Exploits: 0