332 matches found

Positive Technologies
added 2019/10/13 12:0 a.m. · 2 views

PT-2019-6214 · Osgeo +3 · Gdal +3

Name of the Vulnerable Software and Affected Versions: GDAL versions 3.0.1 and earlier. Description: The issue is related to a double free in the OGRExpatRealloc function in the ogr/ogr_expat.cpp file of the GDAL library, which occurs when the 10MB threshold is exceeded. This can allow a remote...

CVSS 10 · AI score 7 · EPSS 0.02245
Exploits 1 · References 62
OSV
added 2019/10/04 5:15 p.m. · 22 views

CVE-2019-17178

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value...

CVSS 7.5 · AI score 6.6
Exploits 0 · References 4
OSV
added 2019/10/04 5:15 p.m. · 16 views

CVE-2019-17177

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value...

CVSS 7.5 · AI score 6.6
Exploits 0 · References 6
OSV
added 2019/10/04 5:15 p.m. · 1 views

DEBIAN-CVE-2019-17178

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value...

CVSS 7.5 · AI score 6.6 · EPSS 0.00827
Exploits 0 · References 1
NVD
added 2019/10/04 5:15 p.m. · 17 views

CVE-2019-17178

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value...

CVSS 7.5 · AI score 7.4 · EPSS 0.00827
Exploits 0 · References 4
OSV
added 2019/10/04 5:15 p.m. · 1 views

DEBIAN-CVE-2019-17177

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value...

CVSS 7.5 · AI score 6.8 · EPSS 0.00872
Exploits 0 · References 1
OSV
added 2019/10/04 5:15 p.m. · 1 views

UBUNTU-CVE-2019-17178

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value...

CVSS 7.5 · AI score 5.8 · EPSS 0.00827
Exploits 0 · References 4
Prion
added 2019/10/04 5:15 p.m. · 18 views

Memory corruption

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value...

CVSS 5 · AI score 7.3 · EPSS 0.00827
Exploits 0 · References 4 · Affected Software 3
OSV
added 2019/10/04 5:15 p.m. · 0 views

UBUNTU-CVE-2019-17177

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value...

CVSS 7.5 · AI score 6.8 · EPSS 0.00872
Exploits 0 · References 3
CVE
added 2019/10/04 4:57 p.m. · 261 views

CVE-2019-17177

CVE-2019-17177 refers to a memory leak in FreeRDP: in libfreerdp/codec/region.c, a supplied realloc pointer (first argument) is also used for a realloc return value, leading to memory leaks in FreeRDP versions through 1.1.x and 2.x through 2.0.0-rc4. The connected documents confirm the vulnerable...

CVSS 7.5 · AI score 7.3 · EPSS 0.00872
Exploits 0 · References 6 · Affected Software 1
Debian CVE
added 2019/10/04 4:57 p.m. · 32 views

CVE-2019-17177

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value...

CVSS 7.5 · AI score 7.5 · EPSS 0.00872
Exploits 0
Debian CVE
added 2019/10/04 4:57 p.m. · 23 views

CVE-2019-17178

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value...

CVSS 7.5 · AI score 7.4 · EPSS 0.00827
Exploits 0
FreeBSD
added 2019/09/11 12:0 a.m. · 40 views

curl -- multiple vulnerabilities

curl security problems: CVE-2019-5481: FTP-KRB double-free. libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amoun...

CVSS 9.8 · AI score 1.4 · EPSS 0.15484
Exploits 1 · References 3
Hacker One
added 2019/09/03 11:51 a.m. · 45 views

curl: krb5: double-free in read_data() after realloc() fail

Summary: In 'lib/security.c', there is a double-free of the reference 'buf->data' on the teardown path if 'Curl_saferealloc' fails. Also, since we read 'len' from the 'fd', the sender might be able to remotely trigger a realloc failure, and then the double-free, by sending the value 0x7fffffff...

CVSS 7.5 · AI score 1.7 · EPSS 0.03612
Exploits 0
CNVD
added 2019/08/14 12:0 a.m. · 1 views

Silicon Graphics LibTIFF Integer Overflow Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. An integer overflow vulnerability exists in the '_TIFFCheckMalloc' and '_TIFFCheckRealloc'...

CVSS 6.5 · AI score 7.9 · EPSS 0.0313
Exploits 0 · References 1
Tenable Nessus
added 2019/05/14 12:0 a.m. · 43 views

EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1539)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution ...

CVSS 10 · AI score 7.7 · EPSS 0.9427
Exploits 19 · References 18
RedHat Linux
added 2018/10/30 8:44 a.m. · 1 views

libcdio: NULL pointer dereference in realloc_symlink in rock.c

A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files...

CVSS 6.5 · AI score 5.8 · EPSS 0.02406
Exploits 1 · References 4
Tenable Nessus
added 2018/10/04 12:0 a.m. · 241 views

Debian DLA-1531-1 : linux-4.9 security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-6554: A memory leak in the irda_bind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a deni...

CVSS 8.4 · AI score 7.6 · EPSS 0.08509
Exploits 8 · References 20
Debian
added 2018/10/03 11:59 p.m. · 70 views

[SECURITY] [DLA 1531-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.110-3+deb9u5deb8u1 CVE ID : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363 CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099 CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276...

CVSS 8.4 · AI score 7.6 · EPSS 0.08509
Exploits 8
Tenable Nessus
added 2018/09/21 12:0 a.m. · 39 views

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. Th...

CVSS 8.4 · AI score 7 · EPSS 0.04369
Exploits 8 · References 162