387 matches found
SUSE: Security Advisory (SUSE-SU-2021:14598-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SUSE: Security Advisory (SUSE-SU-2021:0153-1)
The remote host is missing an update for the...
openSUSE Security Update : libass (openSUSE-2021-472)
This update for libass fixes the following issues: CVE-2020-26682: Fixed a signed integer overflow in the call to outline_stroke (bsc#1177862). This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plug...
SUSE SLED15 / SLES15 Security Update : libass (SUSE-SU-2021:0936-1)
This update for libass fixes the following issues: CVE-2020-26682: Fixed a signed integer overflow in the call to outline_stroke (bsc#1177862). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...
SUSE-SU-2021:0936-1 Security update for libass
This update for libass fixes the following issues: CVE-2020-26682: Fixed a signed integer overflow in the call to outline_stroke (bsc#1177862)...
MGASA-2021-0017 Updated libass packages fix security vulnerability
In libass 0.14.0, the ass_outline_construct's call to outline_stroke causes a signed integer overflow. CVE-2020-26682...
Denial Of Service (DoS)
imagemagick is vulnerable to denial of service. A signed integer overflow in MagickCore/histogram.c allows an attacker to crash the application...
Denial Of Service (DoS)
imagemagick is vulnerable to denial of service. A division by zero can lead to outside the range of representable value in MagickCore/geometry.c and signed integer overflow in MagickCore/decorate.c...
[ASA-202011-19] libass: arbitrary code execution
Arch Linux Security Advisory ASA-202011-19. Severity: Medium; Date: 2020-11-19; CVE-ID: CVE-2020-26682; Package: libass; Type: arbitrary code execution; Remote: No; Link: https://security.archlinux.org/AVG-1285. Summary: The package libass before...
CVE-2020-26682
In libass 0.14.0, the ass_outline_construct's call to outline_stroke causes a signed integer overflow...
Integer overflow
In libass 0.14.0, the ass_outline_construct's call to outline_stroke causes a signed integer overflow...
CVE-2020-26682
CVE-2020-26682 affects libass 0.14.0, where the call to outline_stroke inside ass_outline_construct can trigger a signed integer overflow. This vulnerability may cause a crash or, per multiple advisories, could enable arbitrary code execution under certain conditions. Several connected sources no...
Fix of 227 CVE
Fix bug 69720: Null pointer dereference in phar_get_fp_offset - Fix bug 70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker - Fix bug 70661: Use After Free Vulnerability in WDDX Packet Deserialization - Fix bug 70741: Session WDDX Packet Deserialization Type Confusion Vulnerability - Fix bug...
CVE-2020-10024 ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects: zephyrproject-rtos zephyr version 1.14.0 a...
EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1269)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows loca...
MGASA-2020-0040 Updated libjpeg packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench. Out-of-bounds write in tjDecompressToYUV2 and tjDecompressToYUVPlanes...
CVE-2019-18805
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified...
FreeBSD : bro -- NULL pointer dereference and Signed integer overflow (f56669f5-d799-4ff5-9174-64a6d571c451)
Jon Siwek of Corelight reports: This is a security patch release to address potential Denial of Service vulnerabilities: - NULL pointer dereference in the RPC analysis code. RPC analyzers (e.g. MOUNT or NFS) are not enabled in the default configuration. - Signed integer overflow in BinPAC-generat...