SUSE SLED15 / SLES15 Security Update : tcpdump (SUSE-SU-2018:4131-1)

This update for tcpdump fixes the following issues : Security issues fixed : CVE-2018-19519: Fixed a stack-based buffer over-read in the printprefix function bsc1117267 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenab...

Updated tcpdump package fixes security vulnerability

Fixed a stack-based buffer over-read in the printprefix function CVE-2018-19519...

MGASA-2018-0492 Updated tcpdump package fixes security vulnerability

Fixed a stack-based buffer over-read in the printprefix function CVE-2018-19519...

CVE-2018-20456

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asmx86nz.c may allow attackers to cause a denial of service application crash in libr/util/strbuf.c via a stack-based buffer over-read by crafting an input file, a related issue to CVE-2018-20455...

CVE-2018-20456

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asmx86nz.c may allow attackers to cause a denial of service application crash in libr/util/strbuf.c via a stack-based buffer over-read by crafting an input file, a related issue to CVE-2018-20455...

CVE-2018-20201

CVE-2018-20201 affects Espruino 2V00 and points to a vulnerability in the jsfNameFromString function in jsflash.c, where a stack-based buffer over-read can be triggered by a crafted JS file. Documented impact includes denial of service or possibly other unspecified effects. Connected sources conf...

CVE-2018-19842

getToken in libr/asm/p/asmx86nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service stack-based buffer over-read via crafted x86 assembly data, as demonstrated by rasm2...

CVE-2018-19842

getToken in libr/asm/p/asmx86nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service stack-based buffer over-read via crafted x86 assembly data, as demonstrated by rasm2...

CVE-2018-19842

CVE-2018-19842 affects radare2, specifically the function getToken in the file libr/asm/p/asm_x86_nz.c . The issue is a stack-based buffer over-read triggered by crafted x86 assembly data, leading to a potential denial of service . Connected sources confirm the vulnerability exists in radare2 bef...

Stack overflow

In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because of missing initialization...

CVE-2018-19519

CVE-2018-19519 – tcpdump 4.9.2 contains a stack-based buffer over-read in the function print_prefix (print-hncp.c) triggered by specially crafted packets due to missing initialization. The issue allows reading memory beyond the buffer, potentially causing a crash or other instability. Documents c...

CVE-2018-19519

In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because of missing initialization...

CVE-2018-18456

The function Object::isName in Object.h called from Gfx::opSetFillColorN in Xpdf 4.00 allows remote attackers to cause a denial of service stack-based buffer over-read via a crafted pdf file, as demonstrated by pdftoppm...

CVE-2018-18456

The function Object::isName in Object.h called from Gfx::opSetFillColorN in Xpdf 4.00 allows remote attackers to cause a denial of service stack-based buffer over-read via a crafted pdf file, as demonstrated by pdftoppm...

Stack overflow

A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an addresshistogram call or a gethistogram call...

CVE-2018-18409

CVE-2018-18409 affects tcpflow 1.5.0 (IPTRee.h setbit) with a stack-based buffer over-read, causing denial of service during address_histogram/get_histogram. Public docs confirm the vulnerability and that tcpflow 1.5.2 fixes it (updates referenced by Mageia/Fedora advisories). No exploitation det...

Updated mp3gain packages fix security vulnerabilities

A NULL pointer dereference was discovered in syncbuffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service CVE-2017-14406. A stack-based buffer over-read was discovered in...

CVE-2018-13866

An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5Faddrdecodelen in H5Fint.c...

CVE-2018-12983

CVE-2018-12983 affects PoDoFo: a stack-based buffer over-read in PdfEncryptMD5Base::ComputeEncryptionKey() (PdfEncrypt.cpp) in PoDoFo 0.9.6-rc1 can be exploited remotely via a crafted PDF to cause a denial of service. Multiple advisories confirm a PoDoFo memory-handling issue leading to DoS when ...

CVE-2018-12983

A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file...