Lucene search
K
Mgetty ProjectMgetty

8 matches found

CVE
CVE
added 2019/07/24 12:11 p.m.193 views

CVE-2019-1010190

CVE-2019-1010190 affects mgetty prior to 1.2.1. The vulnerability is an out-of-bounds read in putwhitespan() (g3/pbm2g3.c) that can cause DoS and a potential crash if memory is not mapped. The attack is local and requires the victim to open a specially crafted file. The fixed version is 1.2.1. Th...

5.5CVSS5.3AI score0.00843EPSS
CVE
CVE
added 2019/07/24 1:16 p.m.121 views

CVE-2019-1010189

CVE-2019-1010189 affects mgetty prior to 1.2.1. The flaw causes an infinite loop leading to DoS (program may not terminate) in g3/g32pbm.c. Attack vector is Local via opening a specially crafted file. Fixed in version 1.2.1. Public references include Mageia MGASA-2020-0076 and Fedora’s 2019-732b5...

5.5CVSS5.4AI score0.00835EPSS
CVE
CVE
added 2018/09/13 4:0 p.m.82 views

CVE-2018-16741

The CVE-2018-16741 issue affects mgetty prior to 1.2.1, where do_activate() in fax/faxq-helper.c does not properly sanitize shell metacharacters, enabling local command injection via characters like ||, &&, or > in files created by faxq-helper activate . Reports from multiple Nessus/EulerOS ad...

7.8CVSS7.7AI score0.01323EPSS
CVE
CVE
added 2018/09/13 4:0 p.m.67 views

CVE-2018-16745

CVE-2018-16745 concerns mgetty before 1.2.1. In fax_notify_mail()’s faxrec.c, the mail_to parameter is not sanitized, which could allow a buffer overflow if long untrusted input reaches it. This is the root cause and potential impact described in the public CVE entry. The connected documents conf...

7.8CVSS7.6AI score0.00448EPSS
CVE
CVE
added 2018/09/13 4:0 p.m.60 views

CVE-2018-16742

CVE-2018-16742 affects mgetty prior to 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered by a command-line parameter, enabling potential memory corruption. Affected versions are older than 1.2.1; mitigation is to upgrade to 1.2.1 or later (as reflected in vendor advisories...

7.8CVSS7.5AI score0.00448EPSS
CVE
CVE
added 2018/09/13 4:0 p.m.59 views

CVE-2018-16744

Summary: CVE-2018-16744 affects mgetty before 1.2.1. In fax_notify_mail() (faxrec.c), the mail_to parameter is not sanitized, and because popen is used, untrusted input could trigger a command injection. The issue is documented across multiple advisories (e.g., Red Hat open/unpatched statuses) an...

7.8CVSS7.7AI score0.01034EPSS
CVE
CVE
added 2018/09/13 4:0 p.m.58 views

CVE-2018-16743

CVE-2018-16743 affects mgetty prior to 1.2.1. In contrib/next-login/login.c, the username command-line parameter is passed unsanitized to strcpy(), causing a stack-based buffer overflow. This is a local vulnerability with potential partial confidentiality/integrity/availability impact. Mitigation...

7.8CVSS7.3AI score0.00448EPSS
CVE
CVE
added 2003/07/10 4:0 a.m.52 views

CVE-2003-0517

The vulnerability CVE-2003-0517 affects mgetty 1.1.28 and earlier, via the faxrunqd.in component. A symlink attack on JOB files allows local users to overwrite files, compromising file integrity. The issue stems from insufficient protections around JOB file handling, enabling local privilege-impa...

5.5CVSS5.3AI score0.00323EPSS