
3211 matches found

OpenVAS
added 2019/02/07 12:0 a.m. | 110 views

Debian: Security Advisory (DLA-1668-1)

The remote host is missing an update for the Debian...

CVSS 6.5 | AI score 7.7 | EPSS 0.03407
Exploits: 1 | References: 3

CVE
added 2019/02/04 9:0 p.m. | 219 views

CVE-2019-1000019

CVE-2019-1000019 concerns libarchive’s 7z decompression path. Affected versions (from release v3.0.2 onward) contain a CWE-125 Out-of-bounds Read in archive_read_support_format_7zip.c header_bytes(), exploitable by opening a specially crafted 7zip file and causing a crash/DoS. Public reports conf...

CVSS 6.5 | AI score 7 | EPSS 0.03407
Exploits: 1 | References: 11 | Affected Software: 1

OSV
added 2019/02/04 12:0 a.m. | 0 views

UBUNTU-CVE-2019-1000019

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be...

CVSS 6.5 | AI score 6.5 | EPSS 0.03407
Exploits: 1 | References: 5

OSV
added 2019/01/28 4:29 p.m. | 0 views

UBUNTU-CVE-2019-6988

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress...

CVSS 6.5 | AI score 6.7 | EPSS 0.01724
Exploits: 1 | References: 3

Veracode
added 2019/01/25 1:35 a.m. | 14 views

Arbitrary File Write

bower is vulnerable to arbitrary file write attacks. The vulnerability exists as it fails to restrict extracting files that are referencing symbolic links, allowing arbitrary files to be written during decompression...

CVSS 7.5 | AI score 7.6 | EPSS 0.02566
Exploits: 1 | References: 6 | Affected Software: 1

BDU FSTEC
added 2019/01/23 12:0 a.m. | 5 views

The vulnerability of the lz4::decompress function in the Graphite library used by Mozilla Firefox and Mozilla Firefox ESR browsers allows a hacker to cause a service failure or execute arbitrary code.

The vulnerability of the lz4::decompress function in the Graphite library used by Mozilla Firefox and Mozilla Firefox ESR browsers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service...

CVSS 6.8 | AI score 8.2 | EPSS 0.05216
Exploits: 0 | References: 3 | Affected Software: 4

Tenable Nessus
added 2019/01/22 12:0 a.m. | 71 views

Wireshark 2.6.x < 2.6.2 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.6.2 advisory. - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This...

CVSS 7.8 | AI score 7 | EPSS 0.03742
Exploits: 2 | References: 28

Veracode
added 2018/12/19 6:37 p.m. | 18 views

Directory Traversal

rdf4j-util is vulnerable to directory traversal. An attacker is able to overwrite arbitrary files using the characters ../ as an entry in a ZIP archive. The overwrite occurs during decompressing of the ZIP file...

CVSS 7.5 | AI score 7.4 | EPSS 0.01824
Exploits: 1 | References: 2 | Affected Software: 1

CNVD
added 2018/11/30 12:0 a.m. | 2 views

FreeRDP Buffer Overflow Vulnerability (CNVD-2019-00653)

FreeRDP is a free, open source implementation of the Remote Desktop Protocol (RDP) developed by the FreeRDP team. A heap buffer overflow vulnerability exists in the 'zgfx_decompress' function in versions of FreeRDP prior to 2.0.0-rc4, which can be exploited by a remote attacker to cause a denial of...

CVSS 9.8 | AI score 8 | EPSS 0.07293
Exploits: 1 | References: 1

ATTACKERKB
added 2018/11/29 6:29 p.m. | 3 views

CVE-2018-8784

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution...

CVSS 9.8 | AI score 6.1 | EPSS 0.07293
Exploits: 1 | References: 7

Fedora
added 2018/11/17 5:16 a.m. | 21 views

[SECURITY] Fedora 29 Update: suricata-4.0.6-1.fc29

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVSS 7.5 | AI score 0.2 | EPSS 0.02794
Exploits: 0

Fedora
added 2018/11/17 2:8 a.m. | 25 views

[SECURITY] Fedora 27 Update: suricata-4.0.6-1.fc27

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVSS 9.8 | AI score 0.2 | EPSS 0.02794
Exploits: 0

Fedora
added 2018/11/17 2:8 a.m. | 28 views

[SECURITY] Fedora 27 Update: libmspack-0.9.1-0.1.alpha.fc27

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

CVSS 8.8 | AI score 2 | EPSS 0.03806
Exploits: 1

Fedora
added 2018/11/13 2:28 a.m. | 30 views

[SECURITY] Fedora 28 Update: libmspack-0.9.1-0.1.alpha.fc28

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

CVSS 8.8 | AI score 2 | EPSS 0.03806
Exploits: 1

Fedora
added 2018/11/13 2:25 a.m. | 35 views

[SECURITY] Fedora 29 Update: libmspack-0.9.1-0.1.alpha.fc29

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

CVSS 8.8 | AI score 2 | EPSS 0.03806
Exploits: 1

RedHat Linux
added 2018/10/30 2:43 p.m. | 4 views

libmspack: off-by-one error in the TOLOWER() macro for CHM decompression

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression...

CVSS 8.8 | AI score 7.4 | EPSS 0.03806
Exploits: 0 | References: 4

Fedora
added 2018/10/19 4:8 p.m. | 31 views

[SECURITY] Fedora 28 Update: apache-commons-compress-1.16.1-2.fc28

The Apache Commons Compress library defines an API for working with ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files. In version 1.14 read-only support for Brotli decompression has been added, but it has been removed from this package...

CVSS 5.5 | AI score 2.7 | EPSS 0.05253
Exploits: 0

OSV
added 2018/10/10 1:29 p.m. | 1 views

CVE-2018-8413

A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows...

CVSS 7.8 | AI score 7.9 | EPSS 0.46406
Exploits: 3 | References: 4

ATTACKERKB
added 2018/10/10 1:29 p.m. | 3 views

CVE-2018-8413

A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows...

CVSS 9.3 | AI score 6.6 | EPSS 0.46406
Exploits: 3 | References: 5

OSV
added 2018/09/03 7:29 p.m. | 2 views

ALPINE-CVE-2018-16402

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice...

CVSS 9.8 | AI score 7.5 | EPSS 0.03691
Exploits: 1 | References: 1