16973 matches found
SUSE CVE-2019-6457
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a...
SUSE CVE-2019-6456
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size in the file rec-fex.c of librec.a...
SUSE CVE-2019-6458
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a...
SUSE CVE-2019-6459
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a...
SUSE CVE-2019-6460
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name in the file rec-field.c in librec.a...
SUSE CVE-2019-6488
The string component in the GNU C Library aka glibc or libc6 through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in...
SUSE CVE-2019-7309
In the GNU C Library aka glibc or libc6 through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are equal because the RDX most significant bit is mishandled...
SUSE CVE-2019-9070
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls...
SUSE CVE-2019-9072
An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c...
SUSE CVE-2019-9071
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls...
SUSE CVE-2019-9075
An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c...
SUSE CVE-2019-9169
In the GNU C Library aka glibc or libc6 through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...
SUSE CVE-2019-9192
In the GNU C Library aka glibc or libc6 through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...
SUSE CVE-2019-9779
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776)...
SUSE CVE-2019-9923
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers...
SUSE CVE-2019-11637
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash...
SUSE CVE-2019-11638
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash...
SUSE CVE-2019-12290
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...
SUSE CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
SUSE CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c...