SUSE CVE-2017-11624

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite...

SUSE CVE-2017-11627

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."...

SUSE CVE-2018-17281

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...

SUSE CVE-2018-17985

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplusdemangletype function making recursive calls to itself in certain scenarios involving many 'P' characters...

SUSE CVE-2018-19837

In LibSass prior to 3.5.5, Sass::Eval::operatorSass::BinaryExpression inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp...

SUSE CVE-2018-20573

The Scanner::EnsureTokensInQueue function in yaml-cpp aka LibYaml-C++ 0.6.2 allows remote attackers to cause a denial of service stack consumption and application crash via a crafted YAML file...

SUSE CVE-2018-21232

re2c before 2.0 has uncontrolled recursion that causes stack consumption in findfixedtags...

SUSE CVE-2019-9071

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in dcounttemplatesscopes in cp-demangle.c after many recursive calls...

SUSE CVE-2019-9903

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find located at Dict.cc, which can for example be triggered by passing a crafted pdf file to the pdfunite binary...

SUSE CVE-2019-20334

In Netwide Assembler NASM 2.14.02, stack consumption occurs in expr functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 and stdscan in asm/stdscan.c. This is similar to CVE-2019-6290 and CVE-2019-6291...

SUSE CVE-2019-20395

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash...

SUSE CVE-2020-12825

libcroco through 0.6.13 has excessive recursion in crparserparseanycore in cr-parser.c, leading to stack consumption...

SUSE CVE-2020-28019

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA...

SUSE CVE-2022-30974

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413...

VulnCheck KEV: CVE-2009-2521

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services IIS 5.0 through 7.0 allows remote authenticated users to cause a denial of service daemon crash via a list ls -R command containing a wildcard that references a subdirectory, followed by a...

Fedora 36 : mingw-gcc (2022-c9a1fd5370)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-c9a1fd5370 advisory. Backport fixes for CVE-2021-3826 and CVE-2022-27943. Tenable has extracted the preceding description block directly from the Fedora security advisor...

SUSE: Security Advisory (SUSE-SU-2022:4276-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:4276-1 Security update for exiv2

This update for exiv2 fixes the following issues: - CVE-2019-13110: Fixed an integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denail of service bsc1142678. - CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata bsc1142677. - CVE-2018-17581: Fixed an...

Debian DSA-5291-1 : mujs - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5291 advisory. Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of...

Debian dla-3120 : gir1.2-poppler-0.18 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3120 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3120-1 [email protected]...