
5222 matches found

Positive Technologies
added 2019/04/08 12:0 a.m. · 2 views

PT-2019-12144 · Libsixel +1

Name of the Vulnerable Software and Affected Versions: libsixel version 1.8.2 Description: The issue is related to the load pnm function in frompnm.c in libsixel.a, which has infinite recursion. Recommendations: For libsixel version 1.8.2, at the moment, there is no information about a newer...

9.8 CVSS · 5.6 AI score · 0.00937 EPSS
Exploits 21 · References 60

Positive Technologies
added 2019/04/08 12:0 a.m. · 2 views

PT-2019-12146 · Poppler

Name of the Vulnerable Software and Affected Versions: Poppler version 0.75.0 Description: The issue is related to infinite recursion in the FontInfoScanner::scanFonts function in FontInfo.cc, which leads to a call to the error function in Error.cc. Recommendations: For Poppler version 0.75.0, at...

6.5 CVSS · 5.1 AI score · 0.00514 EPSS
Exploits 1 · References 11

Snyk
added 2019/04/07 3:54 p.m. · 2 views

Sandbox Bypass

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Sandbox Bypass. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit...

8.3 CVSS · 7.4 AI score · 0.00818 EPSS
Exploits 1 · References 2

OSV
added 2019/03/27 10:39 a.m. · 3 views

SUSE-SU-2019:0776-1 Security update for w3m

This update for w3m fixes several issues. These security issues were fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feedtableblocktag function which did not prevent a negative indent value bsc1077559 - CVE-2018-6197: Prevent NULL pointer dereference in...

7.5 CVSS · 5.9 AI score · 0.0067 EPSS
Exploits 2 · References 7

Tenable Nessus
added 2019/03/27 12:0 a.m. · 28 views

openSUSE Security Update : libgit2 (openSUSE-2019-986)

This update for libgit2 fixes the following issues : Security issue fixed : - CVE-2018-17456: Submodule URLs and paths with a leading '-' are now ignored to avoid injecting options into library consumers that perform recursive clones bsc1110949. Non-security issues fixed : - Version update to...

9.8 CVSS · 6.7 AI score · 0.59226 EPSS
Exploits 12 · References 5

OSV
added 2019/03/21 6:29 p.m. · 1 views

UBUNTU-CVE-2019-9904

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c...

6.5 CVSS · 6.5 AI score · 0.00174 EPSS
Exploits 1 · References 4

Talos
added 2019/03/19 12:0 a.m. · 93 views

CUJO Smart Firewall mdnscap mDNS label compression denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the...

7.8 CVSS · 6.2 AI score · 0.01578 EPSS
Exploits 1

Github Security Blog
added 2019/03/06 5:36 p.m. · 27 views

Stack Overflow in Apache Mesos

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...

7.5 CVSS · 3.5 AI score · 0.04871 EPSS
Exploits 0 · References 4 · Affected Software 1

RedhatCVE
added 2019/03/01 6:50 a.m. · 21 views

CVE-2019-9143

An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impact...

8.8 CVSS · 6.2 AI score · 0.0045 EPSS
Exploits 1 · References 3

RedhatCVE
added 2019/03/01 6:49 a.m. · 63 views

CVE-2019-9192

In the GNU C Library aka glibc or libc6 through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\\1\\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...

7.5 CVSS · 7.3 AI score · 0.02309 EPSS
Exploits 2 · References 3

BDU FSTEC
added 2019/03/01 12:0 a.m. · 1 views

The vulnerability of the Samba networking software’s LDAP server arises from an error in processing requests containing cyclic CNAME records. This error allows a hacker to trigger a service failure.

The vulnerability of the Samba networking software’s LDAP server is related to an error in processing requests that contain cyclic CNAME records. Exploiting this vulnerability can allow a malicious actor to trigger an infinite recursion on the server, resulting in service failure...

6.5 CVSS · 6.8 AI score · 0.08971 EPSS
Exploits 1 · References 6 · Affected Software 3

Prion
added 2019/02/26 6:29 p.m. · 31 views

Design/Logic Flaw

DISPUTED In the GNU C Library aka glibc or libc6 through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior...

5 CVSS · 7.3 AI score · 0.02309 EPSS
Exploits 2 · References 2 · Affected Software 1

UbuntuCve
added 2019/02/26 6:29 p.m. · 34 views

CVE-2019-9192

In the GNU C Library aka glibc or libc6 through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...

7.5 CVSS · 7 AI score · 0.02309 EPSS
Exploits 1 · References 1

OSV
added 2019/02/26 6:29 p.m. · 1 views

DEBIAN-CVE-2019-9192

In the GNU C Library aka glibc or libc6 through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...

7.5 CVSS · 7.4 AI score · 0.02309 EPSS
Exploits 1 · References 1

OSV
added 2019/02/26 6:29 p.m. · 8 views

CVE-2019-9192

In the GNU C Library aka glibc or libc6 through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...

7.5 CVSS · 7.8 AI score
Exploits 0 · References 2

NVD
added 2019/02/26 6:29 p.m. · 21 views

CVE-2019-9192

In the GNU C Library aka glibc or libc6 through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...

7.5 CVSS · 5.3 AI score · 0.02309 EPSS
Exploits 1 · References 2

Debian CVE
added 2019/02/26 6:0 p.m. · 34 views

CVE-2019-9192

In the GNU C Library aka glibc or libc6 through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...

7.5 CVSS · 7.2 AI score · 0.02309 EPSS
Exploits 1

CVE
added 2019/02/26 6:0 p.m. · 249 views

CVE-2019-9192

CVE-2019-9192: In glibc up to 2.29, check_dst_limits_calc_pos_1 (posix/regexec.c) can cause uncontrolled recursion demonstrated by crafted patterns in grep; vendor notes this behavior occurs only with crafted patterns. Affected: GNU C Library (glibc/libc6) prior to 2.30; root cause is uncontrolle...

7.5 CVSS · 5.2 AI score · 0.02309 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2019/02/26 6:0 p.m. · 28 views

CVE-2019-9192

In the GNU C Library aka glibc or libc6 through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...

5.3 AI score · 0.02309 EPSS
Exploits 1 · References 2

RedhatCVE
added 2019/02/26 1:19 p.m. · 30 views

CVE-2019-9144

An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impact...

8.8 CVSS · 5.8 AI score · 0.01018 EPSS
Exploits 1 · References 3