538 matches found
Amazon Linux 2 : libexif (ALAS-2020-1523)
The version of libexif installed on the remote host is prior to 0.6.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1523 advisory. In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of...
Oracle Linux 7 : libexif (ELSA-2020-4040)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4040 advisory. 0.6.22-1 - Upgrade to 0.6.22 - Resolves: 1841316 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
EulerOS 2.0 SP3 : libexif (EulerOS-SA-2020-2142)
According to the versions of the libexif package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. (CVE-2020-12767) - An issue was discovered in libexif before 0.6.22...
Arbitrary Code Execution
vlc is vulnerable to arbitrary code execution. A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c, resulting in a floating point exception, and allows an attacker to execute arbitrary code via a malicious WMV file...
EulerOS 2.0 SP8 : poppler (EulerOS-SA-2020-1875)
According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at...
PT-2020-5542 · Artifex +7 · Ghostscript +7
Name of the Vulnerable Software and Affected Versions: Ghostscript version 9.50 Description: The issue is related to a Division by Zero error in the bj10v_print_page function, located in contrib/japanese/gdev10v.c, which can be exploited by a remote attacker to cause a denial of service via a...
SUSE SLED15 / SLES15 Security Update : libexif (SUSE-SU-2020:1553-2)
This update for libexif to 0.6.22 fixes the following issues : Security issues fixed : CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in...
Updated libexif packages fix security vulnerability
The updated packages fix a security vulnerability: In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...
CVE-2020-12767
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error...
CVE-2020-12767
The CVE-2020-12767 issue affects libexif version 0.6.21, where exif_entry_get_value in exif-entry.c has a divide-by-zero condition. Multiple connected notices confirm this specific vulnerability in libexif 0.6.21 and reference fix/mitigation in subsequent releases (notably libexif 0.6.22). Practi...
EulerOS Virtualization 3.0.2.2 : libtiff (EulerOS-SA-2020-1447)
According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service TIFFSetupStrips heap-based buffe...
EulerOS Virtualization for ARM 64 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1367)
According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - qemu-kvm is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu-kvm acts as a...
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2020-1235)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2020-1125)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2019-2513)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS Virtualization for ARM 64 3.0.5.0 : libsndfile (EulerOS-SA-2020-1066)
According to the versions of the libsndfile package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of...
NewStart CGSL CORE 5.05 / MAIN 5.05 : libjpeg-turbo Multiple Vulnerabilities (NS-SA-2019-0227)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libjpeg-turbo packages installed that are affected by multiple vulnerabilities: - The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute...
CVE-2019-19888
CVE-2019-19888 affects the ffjpeg project (jfif_decode in jfif.c) with a divide-by-zero error present through 2019-08-21. Connected documents corroborate: FFjpeg jfif_decode divide-by-zero; recommendations for ffjpeg through 2019-08-21 include updating to a release after 2019-08-21 or temporarily...
openSUSE Security Update : opencv (openSUSE-2019-2671)
This update for opencv fixes the following issues : Security issues fixed : - CVE-2019-14491: Fixed an out of bounds read in the function cv::predictOrdered, leading to DOS (bsc#1144352). - CVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator::OptFeature::calc, which leads to...