CVE-2005-4676,Candidate,"Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.","BID:16400 | URL:http://www.securityfocus.com/bid/16400 | CONFIRM:http://home.arcor.de/ahuggel/exiv2/changelog.html | MISC:http://dev.robotbattle.com/mantis/bug_view_advanced_page.php?bug_id=447 | SECUNIA:18619 | URL:http://secunia.com/advisories/18619 | VUPEN:ADV-2006-0345 | URL:http://www.vupen.com/english/advisories/2006/0345 | XF:exiv2-iptc-metadata-dos(24349) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24349",Assigned (20060131),"None (candidate not yet proposed)",""
CVE-2007-6353,Candidate,"Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.","BID:26918 | URL:http://www.securityfocus.com/bid/26918 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=425921 | DEBIAN:DSA-1474 | URL:http://www.debian.org/security/2008/dsa-1474 | FEDORA:FEDORA-2007-4551 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html | FEDORA:FEDORA-2007-4591 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html | GENTOO:GLSA-200712-16 | URL:http://security.gentoo.org/glsa/glsa-200712-16.xml | MANDRIVA:MDVSA-2008:006 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 | MISC:http://bugs.gentoo.org/show_bug.cgi?id=202351 | SECUNIA:28132 | URL:http://secunia.com/advisories/28132 | SECUNIA:28178 | URL:http://secunia.com/advisories/28178 | SECUNIA:28267 | URL:http://secunia.com/advisories/28267 | SECUNIA:28412 | URL:http://secunia.com/advisories/28412 | SECUNIA:28610 | URL:http://secunia.com/advisories/28610 | SECUNIA:32273 | URL:http://secunia.com/advisories/32273 | SUSE:SUSE-SR:2008:001 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html | UBUNTU:USN-655-1 | URL:http://www.ubuntu.com/usn/usn-655-1 | VUPEN:ADV-2007-4252 | URL:http://www.vupen.com/english/advisories/2007/4252 | XF:exiv2-setdataarea-bo(39118) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39118",Assigned (20071214),"None (candidate not yet proposed)",""
CVE-2008-2696,Candidate,"Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to ""pretty printing"" and the RationalValue::toLong function.","BID:29586 | URL:http://www.securityfocus.com/bid/29586 | CONFIRM:http://www.exiv2.org/changelog.html | MANDRIVA:MDVSA-2008:119 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:119 | MISC:http://bugzilla.gnome.org/show_bug.cgi?id=524715 | MISC:http://dev.robotbattle.com/bugs/view.php?id=0000546 | SECUNIA:30519 | URL:http://secunia.com/advisories/30519 | SECUNIA:32273 | URL:http://secunia.com/advisories/32273 | SUSE:SUSE-SR:2008:023 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html | UBUNTU:USN-655-1 | URL:http://www.ubuntu.com/usn/usn-655-1 | VUPEN:ADV-2008-1766 | URL:http://www.vupen.com/english/advisories/2008/1766/references | XF:exiv2-printing-dos(42885) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42885",Assigned (20080613),"None (candidate not yet proposed)",""
CVE-2014-9449,Candidate,"Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.","BID:71912 | URL:http://www.securityfocus.com/bid/71912 | CONFIRM:http://dev.exiv2.org/issues/960 | CONFIRM:http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263 | FEDORA:FEDORA-2015-0301 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148382.html | GENTOO:GLSA-201507-03 | URL:https://security.gentoo.org/glsa/201507-03 | SECUNIA:61801 | URL:http://secunia.com/advisories/61801 | UBUNTU:USN-2454-1 | URL:http://www.ubuntu.com/usn/USN-2454-1",Assigned (20150102),"None (candidate not yet proposed)",""
CVE-2017-1000126,Candidate,"exiv2 0.26 contains a Stack out of bounds read in webp parser","MLIST:[oss-security] 20170630 exiv2: multiple memory safety issues | URL:http://www.openwall.com/lists/oss-security/2017/06/30/1 | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html",Assigned (20171117),"None (candidate not yet proposed)",""
CVE-2017-1000127,Candidate,"Exiv2 0.26 contains a heap buffer overflow in tiff parser","MLIST:[oss-security] 20170630 exiv2: multiple memory safety issues | URL:http://www.openwall.com/lists/oss-security/2017/06/30/1",Assigned (20171117),"None (candidate not yet proposed)",""
CVE-2017-1000128,Candidate,"Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser","MLIST:[oss-security] 20170630 exiv2: multiple memory safety issues | URL:http://www.openwall.com/lists/oss-security/2017/06/30/1",Assigned (20171117),"None (candidate not yet proposed)",""
CVE-2017-11336,Candidate,"There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1470729",Assigned (20170715),"None (candidate not yet proposed)",""
CVE-2017-11337,Candidate,"There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1470737",Assigned (20170715),"None (candidate not yet proposed)",""
CVE-2017-11338,Candidate,"There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1470913",Assigned (20170715),"None (candidate not yet proposed)",""
CVE-2017-11339,Candidate,"There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1470946",Assigned (20170715),"None (candidate not yet proposed)",""
CVE-2017-11340,Candidate,"There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1470950",Assigned (20170715),"None (candidate not yet proposed)",""
CVE-2017-11553,Candidate,"There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1471772",Assigned (20170722),"None (candidate not yet proposed)",""
CVE-2017-11591,Candidate,"There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1473888 | UBUNTU:USN-3852-1 | URL:https://usn.ubuntu.com/3852-1/",Assigned (20170723),"None (candidate not yet proposed)",""
CVE-2017-11592,Candidate,"There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1473889",Assigned (20170723),"None (candidate not yet proposed)",""
CVE-2017-11683,Candidate,"There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.","BID:100030 | URL:http://www.securityfocus.com/bid/100030 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1475124 | UBUNTU:USN-3852-1 | URL:https://usn.ubuntu.com/3852-1/",Assigned (20170726),"None (candidate not yet proposed)",""
CVE-2017-12955,Candidate,"There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1482295",Assigned (20170818),"None (candidate not yet proposed)",""
CVE-2017-12956,Candidate,"There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1482296",Assigned (20170818),"None (candidate not yet proposed)",""
CVE-2017-12957,Candidate,"There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1482423",Assigned (20170818),"None (candidate not yet proposed)",""
CVE-2017-14857,Candidate,"In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1495043",Assigned (20170928),"None (candidate not yet proposed)",""
CVE-2017-14858,Candidate,"There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1494782",Assigned (20170928),"None (candidate not yet proposed)",""
CVE-2017-14859,Candidate,"An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1494780 | UBUNTU:USN-3852-1 | URL:https://usn.ubuntu.com/3852-1/",Assigned (20170928),"None (candidate not yet proposed)",""
CVE-2017-14860,Candidate,"There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1494776",Assigned (20170928),"None (candidate not yet proposed)",""
CVE-2017-14861,Candidate,"There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1494787",Assigned (20170928),"None (candidate not yet proposed)",""
CVE-2017-14862,Candidate,"An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1494786 | UBUNTU:USN-3852-1 | URL:https://usn.ubuntu.com/3852-1/",Assigned (20170928),"None (candidate not yet proposed)",""
CVE-2017-14863,Candidate,"A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1494443",Assigned (20170928),"None (candidate not yet proposed)",""
CVE-2017-14864,Candidate,"An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1494467 | UBUNTU:USN-3852-1 | URL:https://usn.ubuntu.com/3852-1/",Assigned (20170928),"None (candidate not yet proposed)",""
CVE-2017-14865,Candidate,"There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1494778",Assigned (20170928),"None (candidate not yet proposed)",""
CVE-2017-14866,Candidate,"There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1494781",Assigned (20170928),"None (candidate not yet proposed)",""
CVE-2017-17669,Candidate,"There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.","MISC:https://github.com/Exiv2/exiv2/issues/187 | UBUNTU:USN-3852-1 | URL:https://usn.ubuntu.com/3852-1/",Assigned (20171213),"None (candidate not yet proposed)",""
CVE-2017-17722,Candidate,"In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1524116",Assigned (20171217),"None (candidate not yet proposed)",""
CVE-2017-17723,Candidate,"In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1524104",Assigned (20171217),"None (candidate not yet proposed)",""
CVE-2017-17724,Candidate,"In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the ""!= 0x1c"" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1524107 | MISC:https://github.com/Exiv2/exiv2/issues/263 | MISC:https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20171217),"None (candidate not yet proposed)",""
CVE-2017-17725,Candidate,"In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864, which is an invalid memory address dereference.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1525055 | MISC:https://github.com/Exiv2/exiv2/issues/188",Assigned (20171217),"None (candidate not yet proposed)",""
CVE-2017-18005,Candidate,"Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.","CONFIRM:https://github.com/Exiv2/exiv2/issues/168",Assigned (20171231),"None (candidate not yet proposed)",""
CVE-2017-9239,Candidate,"An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.","BID:98720 | URL:http://www.securityfocus.com/bid/98720 | MISC:http://dev.exiv2.org/issues/1295 | MISC:https://github.com/lolo-pop/poc/tree/master/Segmentation%20fault%20in%20convert-test(exiv2) | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html | UBUNTU:USN-3852-1 | URL:https://usn.ubuntu.com/3852-1/",Assigned (20170526),"None (candidate not yet proposed)",""
CVE-2017-9953,Candidate,"There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1465061",Assigned (20170626),"None (candidate not yet proposed)",""
CVE-2018-10772,Candidate,"The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1566260 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20180506),"None (candidate not yet proposed)",""
CVE-2018-10780,Candidate,"Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1575201",Assigned (20180507),"None (candidate not yet proposed)",""
CVE-2018-10958,Candidate,"In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.","DEBIAN:DSA-4238 | URL:https://www.debian.org/security/2018/dsa-4238 | GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/Exiv2/exiv2/issues/302 | MLIST:[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html | MLIST:[debian-lts-announce] 20181021 [SECURITY] [DLA 1551-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | UBUNTU:USN-3700-1 | URL:https://usn.ubuntu.com/3700-1/",Assigned (20180509),"None (candidate not yet proposed)",""
CVE-2018-10998,Candidate,"An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.","DEBIAN:DSA-4238 | URL:https://www.debian.org/security/2018/dsa-4238 | GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/Exiv2/exiv2/issues/303 | MLIST:[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | UBUNTU:USN-3700-1 | URL:https://usn.ubuntu.com/3700-1/",Assigned (20180511),"None (candidate not yet proposed)",""
CVE-2018-10999,Candidate,"An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.","DEBIAN:DSA-4238 | URL:https://www.debian.org/security/2018/dsa-4238 | GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/Exiv2/exiv2/issues/306 | MLIST:[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html | MLIST:[debian-lts-announce] 20181021 [SECURITY] [DLA 1551-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html | UBUNTU:USN-3700-1 | URL:https://usn.ubuntu.com/3700-1/",Assigned (20180511),"None (candidate not yet proposed)",""
CVE-2018-11037,Candidate,"In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/Exiv2/exiv2/issues/307 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20180513),"None (candidate not yet proposed)",""
CVE-2018-11531,Candidate,"Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.","CONFIRM:https://github.com/Exiv2/exiv2/issues/283 | DEBIAN:DSA-4238 | URL:https://www.debian.org/security/2018/dsa-4238 | GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MLIST:[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html | UBUNTU:USN-3700-1 | URL:https://usn.ubuntu.com/3700-1/",Assigned (20180529),"None (candidate not yet proposed)",""
CVE-2018-12264,Candidate,"Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.","CONFIRM:https://github.com/Exiv2/exiv2/issues/366 | CONFIRM:https://github.com/TeamSeri0us/pocs/blob/master/exiv2/2-out-of-read-Poc | DEBIAN:DSA-4238 | URL:https://www.debian.org/security/2018/dsa-4238 | GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MLIST:[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html | UBUNTU:USN-3700-1 | URL:https://usn.ubuntu.com/3700-1/",Assigned (20180612),"None (candidate not yet proposed)",""
CVE-2018-12265,Candidate,"Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.","CONFIRM:https://github.com/Exiv2/exiv2/issues/365 | CONFIRM:https://github.com/TeamSeri0us/pocs/blob/master/exiv2/1-out-of-read-Poc | DEBIAN:DSA-4238 | URL:https://www.debian.org/security/2018/dsa-4238 | GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MLIST:[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html | UBUNTU:USN-3700-1 | URL:https://usn.ubuntu.com/3700-1/",Assigned (20180612),"None (candidate not yet proposed)",""
CVE-2018-14046,Candidate,"Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.","MISC:https://github.com/Exiv2/exiv2/issues/378 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20180713),"None (candidate not yet proposed)",""
CVE-2018-14338,Candidate,"samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.","MISC:https://github.com/Exiv2/exiv2/issues/382",Assigned (20180717),"None (candidate not yet proposed)",""
CVE-2018-16336,Candidate,"Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.","MISC:https://github.com/Exiv2/exiv2/issues/400 | MLIST:[debian-lts-announce] 20181021 [SECURITY] [DLA 1551-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html | UBUNTU:USN-3852-1 | URL:https://usn.ubuntu.com/3852-1/",Assigned (20180901),"None (candidate not yet proposed)",""
CVE-2018-17229,Candidate,"Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.","MISC:https://github.com/Exiv2/exiv2/issues/453 | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html",Assigned (20180919),"None (candidate not yet proposed)",""
CVE-2018-17230,Candidate,"Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.","MISC:https://github.com/Exiv2/exiv2/issues/455 | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html",Assigned (20180919),"None (candidate not yet proposed)",""
CVE-2018-17282,Candidate,"An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.","MISC:https://github.com/Exiv2/exiv2/issues/457 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html",Assigned (20180920),"None (candidate not yet proposed)",""
CVE-2018-17581,Candidate,"CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.","MISC:https://github.com/Exiv2/exiv2/issues/460 | MISC:https://github.com/SegfaultMasters/covering360/blob/master/Exiv2 | MLIST:[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | UBUNTU:USN-3852-1 | URL:https://usn.ubuntu.com/3852-1/",Assigned (20180928),"None (candidate not yet proposed)",""
CVE-2018-18915,Candidate,"There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.","MISC:https://github.com/Exiv2/exiv2/issues/511 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20181102),"None (candidate not yet proposed)",""
CVE-2018-19107,Candidate,"In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.","MISC:https://github.com/Exiv2/exiv2/issues/427 | MISC:https://github.com/Exiv2/exiv2/pull/518 | MLIST:[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | UBUNTU:USN-4056-1 | URL:https://usn.ubuntu.com/4056-1/",Assigned (20181108),"None (candidate not yet proposed)",""
CVE-2018-19108,Candidate,"In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.","MISC:https://github.com/Exiv2/exiv2/issues/426 | MISC:https://github.com/Exiv2/exiv2/pull/518 | MLIST:[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html | UBUNTU:USN-4056-1 | URL:https://usn.ubuntu.com/4056-1/",Assigned (20181108),"None (candidate not yet proposed)",""
CVE-2018-19535,Candidate,"In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.","MISC:https://github.com/Exiv2/exiv2/issues/428 | MISC:https://github.com/Exiv2/exiv2/pull/430 | MLIST:[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | UBUNTU:USN-4056-1 | URL:https://usn.ubuntu.com/4056-1/",Assigned (20181125),"None (candidate not yet proposed)",""
CVE-2018-19607,Candidate,"Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.","MISC:https://github.com/Exiv2/exiv2/issues/561 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html",Assigned (20181127),"None (candidate not yet proposed)",""
CVE-2018-20096,Candidate,"There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.","FEDORA:FEDORA-2019-c9cbbbb5c0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/ | MISC:https://github.com/Exiv2/exiv2/issues/590 | MISC:https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20181212),"None (candidate not yet proposed)",""
CVE-2018-20097,Candidate,"There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.","FEDORA:FEDORA-2019-c9cbbbb5c0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/ | MISC:https://github.com/Exiv2/exiv2/issues/590 | MISC:https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206 | MLIST:[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20181212),"None (candidate not yet proposed)",""
CVE-2018-20098,Candidate,"There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.","FEDORA:FEDORA-2019-c9cbbbb5c0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/ | MISC:https://github.com/Exiv2/exiv2/issues/590 | MISC:https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20181212),"None (candidate not yet proposed)",""
CVE-2018-20099,Candidate,"There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.","FEDORA:FEDORA-2019-c9cbbbb5c0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/ | MISC:https://github.com/Exiv2/exiv2/issues/590 | MISC:https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20181212),"None (candidate not yet proposed)",""
CVE-2018-4868,Candidate,"The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.","BID:102477 | URL:http://www.securityfocus.com/bid/102477 | MISC:https://github.com/Exiv2/exiv2/issues/202",Assigned (20180103),"None (candidate not yet proposed)",""
CVE-2018-5772,Candidate,"In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.","BID:102789 | URL:http://www.securityfocus.com/bid/102789 | GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/Exiv2/exiv2/issues/216",Assigned (20180118),"None (candidate not yet proposed)",""
CVE-2018-8976,Candidate,"In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/Exiv2/exiv2/issues/246 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20180324),"None (candidate not yet proposed)",""
CVE-2018-8977,Candidate,"In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/Exiv2/exiv2/issues/247 | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101",Assigned (20180324),"None (candidate not yet proposed)",""
CVE-2018-9144,Candidate,"In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/Exiv2/exiv2/issues/254 | MISC:https://github.com/xiaoqx/pocs/tree/master/exiv2",Assigned (20180330),"None (candidate not yet proposed)",""
CVE-2018-9145,Candidate,"In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://bugzilla.novell.com/show_bug.cgi?id=1087879 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1564281 | MISC:https://github.com/xiaoqx/pocs/tree/master/exiv2",Assigned (20180330),"None (candidate not yet proposed)",""
CVE-2018-9303,Candidate,"In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md",Assigned (20180404),"None (candidate not yet proposed)",""
CVE-2018-9304,Candidate,"In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/Exiv2/exiv2/issues/262 | MISC:https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md",Assigned (20180404),"None (candidate not yet proposed)",""
CVE-2018-9305,Candidate,"In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the ""== 0x1c"" case.","GENTOO:GLSA-201811-14 | URL:https://security.gentoo.org/glsa/201811-14 | MISC:https://github.com/Exiv2/exiv2/issues/263 | MISC:https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md | REDHAT:RHSA-2019:2101 | URL:https://access.redhat.com/errata/RHSA-2019:2101 | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html",Assigned (20180404),"None (candidate not yet proposed)",""
CVE-2019-13108,Candidate,"An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.","FEDORA:FEDORA-2019-60553d5a18 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/ | MISC:https://github.com/Exiv2/exiv2/issues/789 | MISC:https://github.com/Exiv2/exiv2/pull/794",Assigned (20190630),"None (candidate not yet proposed)",""
CVE-2019-13109,Candidate,"An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.","FEDORA:FEDORA-2019-60553d5a18 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/ | MISC:https://github.com/Exiv2/exiv2/issues/790 | MISC:https://github.com/Exiv2/exiv2/pull/795",Assigned (20190630),"None (candidate not yet proposed)",""
CVE-2019-13110,Candidate,"A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.","FEDORA:FEDORA-2019-60553d5a18 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/ | MISC:https://github.com/Exiv2/exiv2/issues/843 | MISC:https://github.com/Exiv2/exiv2/pull/844 | UBUNTU:USN-4056-1 | URL:https://usn.ubuntu.com/4056-1/",Assigned (20190630),"None (candidate not yet proposed)",""
CVE-2019-13111,Candidate,"A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.","FEDORA:FEDORA-2019-60553d5a18 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/ | MISC:https://github.com/Exiv2/exiv2/issues/791 | MISC:https://github.com/Exiv2/exiv2/pull/797",Assigned 
(20190630),"None (candidate not yet proposed)","" CVE-2019-13112,Candidate,"A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.","FEDORA:FEDORA-2019-60553d5a18 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/ | MISC:https://github.com/Exiv2/exiv2/issues/845 | MISC:https://github.com/Exiv2/exiv2/pull/846 | UBUNTU:USN-4056-1 | URL:https://usn.ubuntu.com/4056-1/",Assigned (20190630),"None (candidate not yet proposed)","" CVE-2019-13113,Candidate,"Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.","FEDORA:FEDORA-2019-60553d5a18 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/ | MISC:https://github.com/Exiv2/exiv2/issues/841 | MISC:https://github.com/Exiv2/exiv2/pull/842 | UBUNTU:USN-4056-1 | URL:https://usn.ubuntu.com/4056-1/",Assigned (20190630),"None (candidate not yet proposed)","" CVE-2019-13114,Candidate,"http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.","CONFIRM:https://support.f5.com/csp/article/K45429077?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-60553d5a18 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/ | MISC:https://github.com/Exiv2/exiv2/issues/793 | MISC:https://github.com/Exiv2/exiv2/pull/815 | SUSE:openSUSE-SU-2020:0482 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html | UBUNTU:USN-4056-1 | URL:https://usn.ubuntu.com/4056-1/",Assigned (20190630),"None (candidate 
not yet proposed)","" CVE-2019-13504,Candidate,"There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.","BID:109117 | URL:http://www.securityfocus.com/bid/109117 | MISC:https://fuzzit.dev/2019/07/11/discovering-cve-2019-13504-cve-2019-13503-and-the-importance-of-api-fuzzing/ | MISC:https://github.com/Exiv2/exiv2/pull/943 | MLIST:[debian-lts-announce] 20190719 [SECURITY] [DLA 1855-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2019/07/msg00015.html",Assigned (20190710),"None (candidate not yet proposed)","" CVE-2019-14368,Candidate,"Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.","MISC:https://github.com/Exiv2/exiv2/issues/952",Assigned (20190728),"None (candidate not yet proposed)","" CVE-2019-14369,Candidate,"Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file.","MISC:https://github.com/Exiv2/exiv2/issues/953",Assigned (20190728),"None (candidate not yet proposed)","" CVE-2019-14370,Candidate,"In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service.","MISC:https://github.com/Exiv2/exiv2/issues/954",Assigned (20190728),"None (candidate not yet proposed)","" CVE-2019-14982,Candidate,"In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. 
It can lead to a buffer overflow vulnerability and a crash.","MISC:https://github.com/Exiv2/exiv2/compare/v0.27.2-RC2...v0.27.2 | MISC:https://github.com/Exiv2/exiv2/issues/960 | MISC:https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62",Assigned (20190812),"None (candidate not yet proposed)","" CVE-2019-17402,Candidate,"Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.","MISC:https://github.com/Exiv2/exiv2/issues/1019 | MLIST:[debian-lts-announce] 20191202 [SECURITY] [DLA 2019-1] exiv2 security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html | UBUNTU:USN-4159-1 | URL:https://usn.ubuntu.com/4159-1/",Assigned (20191009),"None (candidate not yet proposed)","" CVE-2019-20421,Candidate,"In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.","MISC:https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8 | MISC:https://github.com/Exiv2/exiv2/issues/1011 | UBUNTU:USN-4270-1 | URL:https://usn.ubuntu.com/4270-1/",Assigned (20200127),"None (candidate not yet proposed)","" CVE-2019-9143,Candidate,"An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. 
It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","BID:107161 | URL:http://www.securityfocus.com/bid/107161 | MISC:https://github.com/Exiv2/exiv2/issues/711 | MISC:https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/",Assigned (20190225),"None (candidate not yet proposed)","" CVE-2019-9144,Candidate,"An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","BID:107161 | URL:http://www.securityfocus.com/bid/107161 | MISC:https://github.com/Exiv2/exiv2/issues/712 | MISC:https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/",Assigned (20190225),"None (candidate not yet proposed)","" CVE-2004-0111,Entry,"gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.","BID:9842 | URL:http://www.securityfocus.com/bid/9842 | DEBIAN:DSA-464 | URL:http://www.debian.org/security/2004/dsa-464 | FEDORA:FLSA:2005 | URL:https://bugzilla.fedora.us/show_bug.cgi?id=2005 | MANDRAKE:MDKSA-2004:020 | URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:020 | OVAL:oval:org.mitre.oval:def:845 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A845 | OVAL:oval:org.mitre.oval:def:846 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A846 | REDHAT:RHSA-2004:102 | URL:http://www.redhat.com/support/errata/RHSA-2004-102.html | REDHAT:RHSA-2004:103 | URL:http://www.redhat.com/support/errata/RHSA-2004-103.html | XF:gdk-pixbuf-bitmap-dos(15426) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15426",,"","" CVE-2004-0753,Candidate,"The BMP 
image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.","BID:11195 | URL:http://www.securityfocus.com/bid/11195 | CERT-VN:VU#825374 | URL:http://www.kb.cert.org/vuls/id/825374 | CONECTIVA:CLA-2004:875 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 | DEBIAN:DSA-546 | URL:http://www.debian.org/security/2004/dsa-546 | FEDORA:FLSA-2005:155510 | URL:http://www.securityfocus.com/archive/1/419771/100/0/threaded | FEDORA:FLSA:2005 | URL:https://bugzilla.fedora.us/show_bug.cgi?id=2005 | MANDRAKE:MDKSA-2004:095 | URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095 | MANDRIVA:MDKSA-2005:214 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 | OVAL:oval:org.mitre.oval:def:10585 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10585 | REDHAT:RHSA-2004:447 | URL:http://www.redhat.com/support/errata/RHSA-2004-447.html | REDHAT:RHSA-2004:466 | URL:http://www.redhat.com/support/errata/RHSA-2004-466.html | SECUNIA:17657 | URL:http://secunia.com/advisories/17657 | XF:gtk-bmp-dos(17383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17383",Assigned (20040726),"None (candidate not yet proposed)","" CVE-2004-0782,Candidate,"Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. 
It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).","BID:11195 | URL:http://www.securityfocus.com/bid/11195 | BUGTRAQ:20040915 CESA-2004-005: gtk+ XPM decoder | URL:http://marc.info/?l=bugtraq&m=109528994916275&w=2 | CERT-VN:VU#729894 | URL:http://www.kb.cert.org/vuls/id/729894 | CONECTIVA:CLA-2004:875 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 | DEBIAN:DSA-546 | URL:http://www.debian.org/security/2004/dsa-546 | FEDORA:FLSA-2005:155510 | URL:http://www.securityfocus.com/archive/1/419771/100/0/threaded | FEDORA:FLSA:2005 | URL:https://bugzilla.fedora.us/show_bug.cgi?id=2005 | MANDRAKE:MDKSA-2004:095 | URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095 | MANDRIVA:MDKSA-2005:214 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 | MISC:http://scary.beasts.org/security/CESA-2004-005.txt | OVAL:oval:org.mitre.oval:def:11539 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11539 | OVAL:oval:org.mitre.oval:def:1617 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1617 | REDHAT:RHSA-2004:447 | URL:http://www.redhat.com/support/errata/RHSA-2004-447.html | REDHAT:RHSA-2004:466 | URL:http://www.redhat.com/support/errata/RHSA-2004-466.html | SECUNIA:17657 | URL:http://secunia.com/advisories/17657 | SUNALERT:101776 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1 | XF:gtk-xpm-pixbufcreatefromxpm-bo(17386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17386",Assigned (20040817),"None (candidate not yet proposed)","" CVE-2004-0783,Candidate,"Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. 
It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).","BID:11195 | URL:http://www.securityfocus.com/bid/11195 | BUGTRAQ:20040915 CESA-2004-005: gtk+ XPM decoder | URL:http://marc.info/?l=bugtraq&m=109528994916275&w=2 | CERT-VN:VU#369358 | URL:http://www.kb.cert.org/vuls/id/369358 | CONECTIVA:CLA-2004:875 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 | FEDORA:FLSA-2005:155510 | URL:http://www.securityfocus.com/archive/1/419771/100/0/threaded | FEDORA:FLSA:2005 | URL:https://bugzilla.fedora.us/show_bug.cgi?id=2005 | MANDRAKE:MDKSA-2004:095 | URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095 | MANDRAKE:MDKSA-2004:096 | URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 | MANDRIVA:MDKSA-2005:214 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 | MISC:http://scary.beasts.org/security/CESA-2004-005.txt | OVAL:oval:org.mitre.oval:def:1786 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1786 | OVAL:oval:org.mitre.oval:def:9348 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9348 | REDHAT:RHSA-2004:447 | URL:http://www.redhat.com/support/errata/RHSA-2004-447.html | REDHAT:RHSA-2004:466 | URL:http://www.redhat.com/support/errata/RHSA-2004-466.html | SECUNIA:17657 | URL:http://secunia.com/advisories/17657 | SUNALERT:101776 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1 | XF:gtk-xpm-xpmextractcolor-bo(17385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17385",Assigned (20040817),"None (candidate not yet proposed)","" CVE-2004-0788,Candidate,"Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.","BID:11195 | URL:http://www.securityfocus.com/bid/11195 | CERT-VN:VU#577654 | 
URL:http://www.kb.cert.org/vuls/id/577654 | CONECTIVA:CLA-2004:875 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 | DEBIAN:DSA-546 | URL:http://www.debian.org/security/2004/dsa-546 | FEDORA:FLSA-2005:155510 | URL:http://www.securityfocus.com/archive/1/419771/100/0/threaded | FEDORA:FLSA:2005 | URL:https://bugzilla.fedora.us/show_bug.cgi?id=2005 | MANDRAKE:MDKSA-2004:095 | URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095 | MANDRIVA:MDKSA-2005:214 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 | OVAL:oval:org.mitre.oval:def:10506 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10506 | REDHAT:RHSA-2004:447 | URL:http://www.redhat.com/support/errata/RHSA-2004-447.html | REDHAT:RHSA-2004:466 | URL:http://www.redhat.com/support/errata/RHSA-2004-466.html | SECUNIA:17657 | URL:http://secunia.com/advisories/17657 | XF:gtk-ico-integer-bo(17387) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17387",Assigned (20040817),"None (candidate not yet proposed)","" CVE-2005-0444,Candidate,"VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.","GENTOO:GLSA-200502-18 | URL:http://security.gentoo.org/glsa/glsa-200502-18.xml",Assigned (20050215),"None (candidate not yet proposed)","" CVE-2005-0686,Candidate,"Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.","CONFIRM:https://sourceforge.net/project/shownotes.php?release_id=310416 | GENTOO:GLSA-200503-13 | URL:http://www.gentoo.org/security/en/glsa/glsa-200503-13.xml",Assigned (20050309),"None (candidate not yet proposed)","" CVE-2005-2975,Candidate,"io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows 
attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.","BID:15429 | URL:http://www.securityfocus.com/bid/15429 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf | DEBIAN:DSA-911 | URL:http://www.debian.org/security/2005/dsa-911 | DEBIAN:DSA-913 | URL:http://www.debian.org/security/2005/dsa-913 | FEDORA:FLSA:173274 | URL:http://www.securityfocus.com/archive/1/428052/100/0/threaded | GENTOO:GLSA-200511-14 | URL:http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml | MANDRIVA:MDKSA-2005:214 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 | OVAL:oval:org.mitre.oval:def:9697 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9697 | REDHAT:RHSA-2005:810 | URL:http://www.redhat.com/support/errata/RHSA-2005-810.html | REDHAT:RHSA-2005:811 | URL:http://www.redhat.com/support/errata/RHSA-2005-811.html | SECTRACK:1015216 | URL:http://securitytracker.com/id?1015216 | SECUNIA:17522 | URL:http://secunia.com/advisories/17522 | SECUNIA:17538 | URL:http://secunia.com/advisories/17538 | SECUNIA:17562 | URL:http://secunia.com/advisories/17562 | SECUNIA:17588 | URL:http://secunia.com/advisories/17588 | SECUNIA:17591 | URL:http://secunia.com/advisories/17591 | SECUNIA:17592 | URL:http://secunia.com/advisories/17592 | SECUNIA:17594 | URL:http://secunia.com/advisories/17594 | SECUNIA:17615 | URL:http://secunia.com/advisories/17615 | SECUNIA:17657 | URL:http://secunia.com/advisories/17657 | SECUNIA:17710 | URL:http://secunia.com/advisories/17710 | SECUNIA:17770 | URL:http://secunia.com/advisories/17770 | SECUNIA:17791 | URL:http://secunia.com/advisories/17791 | SUSE:SUSE-SA:2005:065 | URL:http://www.novell.com/linux/security/advisories/2005_65_gtk2.html | UBUNTU:USN-216-1 | URL:http://www.ubuntu.com/usn/usn-216-1 | VUPEN:ADV-2005-2433 | URL:http://www.vupen.com/english/advisories/2005/2433",Assigned (20050919),"None (candidate not yet 
proposed)","" CVE-2005-2976,Candidate,"Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.","BID:15428 | URL:http://www.securityfocus.com/bid/15428 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf | DEBIAN:DSA-911 | URL:http://www.debian.org/security/2005/dsa-911 | DEBIAN:DSA-913 | URL:http://www.debian.org/security/2005/dsa-913 | FEDORA:FLSA:173274 | URL:http://www.securityfocus.com/archive/1/428052/100/0/threaded | GENTOO:GLSA-200511-14 | URL:http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml | MANDRIVA:MDKSA-2005:214 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 | OVAL:oval:org.mitre.oval:def:11370 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11370 | REDHAT:RHSA-2005:810 | URL:http://www.redhat.com/support/errata/RHSA-2005-810.html | SECTRACK:1015216 | URL:http://securitytracker.com/id?1015216 | SECUNIA:17522 | URL:http://secunia.com/advisories/17522 | SECUNIA:17538 | URL:http://secunia.com/advisories/17538 | SECUNIA:17562 | URL:http://secunia.com/advisories/17562 | SECUNIA:17592 | URL:http://secunia.com/advisories/17592 | SECUNIA:17594 | URL:http://secunia.com/advisories/17594 | SECUNIA:17615 | URL:http://secunia.com/advisories/17615 | SECUNIA:17657 | URL:http://secunia.com/advisories/17657 | SECUNIA:17710 | URL:http://secunia.com/advisories/17710 | SECUNIA:17770 | URL:http://secunia.com/advisories/17770 | SECUNIA:17791 | URL:http://secunia.com/advisories/17791 | SUSE:SUSE-SA:2005:065 | URL:http://www.novell.com/linux/security/advisories/2005_65_gtk2.html | UBUNTU:USN-216-1 | URL:http://www.ubuntu.com/usn/usn-216-1 | VUPEN:ADV-2005-2433 | URL:http://www.vupen.com/english/advisories/2005/2433",Assigned (20050919),"None (candidate not yet proposed)","" 
CVE-2005-3186,Candidate,"Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.","BID:15435 | URL:http://www.securityfocus.com/bid/15435 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf | DEBIAN:DSA-911 | URL:http://www.debian.org/security/2005/dsa-911 | DEBIAN:DSA-913 | URL:http://www.debian.org/security/2005/dsa-913 | FEDORA:FLSA:173274 | URL:http://www.securityfocus.com/archive/1/428052/100/0/threaded | GENTOO:GLSA-200511-14 | URL:http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml | IDEFENSE:20051115 Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability | URL:http://www.idefense.com/application/poi/display?id=339&type=vulnerabilities | MANDRIVA:MDKSA-2005:214 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 | OVAL:oval:org.mitre.oval:def:9503 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9503 | REDHAT:RHSA-2005:810 | URL:http://www.redhat.com/support/errata/RHSA-2005-810.html | REDHAT:RHSA-2005:811 | URL:http://www.redhat.com/support/errata/RHSA-2005-811.html | SCO:SCOSA-2006.8 | URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.8/SCOSA-2006.8.txt | SECTRACK:1015216 | URL:http://securitytracker.com/id?1015216 | SECUNIA:17522 | URL:http://secunia.com/advisories/17522 | SECUNIA:17538 | URL:http://secunia.com/advisories/17538 | SECUNIA:17562 | URL:http://secunia.com/advisories/17562 | SECUNIA:17588 | URL:http://secunia.com/advisories/17588 | SECUNIA:17591 | URL:http://secunia.com/advisories/17591 | SECUNIA:17592 | URL:http://secunia.com/advisories/17592 | SECUNIA:17594 | URL:http://secunia.com/advisories/17594 | SECUNIA:17615 | URL:http://secunia.com/advisories/17615 | SECUNIA:17657 | URL:http://secunia.com/advisories/17657 | SECUNIA:17710 | 
URL:http://secunia.com/advisories/17710 | SECUNIA:17770 | URL:http://secunia.com/advisories/17770 | SECUNIA:17791 | URL:http://secunia.com/advisories/17791 | SECUNIA:18509 | URL:http://secunia.com/advisories/18509 | SREASON:188 | URL:http://securityreason.com/securityalert/188 | SUSE:SUSE-SA:2005:065 | URL:http://www.novell.com/linux/security/advisories/2005_65_gtk2.html | UBUNTU:USN-216-1 | URL:http://www.ubuntu.com/usn/usn-216-1 | VUPEN:ADV-2005-2433 | URL:http://www.vupen.com/english/advisories/2005/2433",Assigned (20051012),"None (candidate not yet proposed)","" CVE-2011-2485,Candidate,"The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.","CONFIRM:http://ftp.gnome.org/pub/GNOME/sources/gdk-pixbuf/2.23/gdk-pixbuf-2.23.5.news | CONFIRM:http://git.gnome.org/browse/gdk-pixbuf/commit/?id=f8569bb13e2aa1584dde61ca545144750f7a7c98 | GENTOO:GLSA-201206-20 | URL:http://security.gentoo.org/glsa/glsa-201206-20.xml | SECUNIA:45656 | URL:http://secunia.com/advisories/45656 | SECUNIA:49715 | URL:http://secunia.com/advisories/49715",Assigned (20110615),"None (candidate not yet proposed)","" CVE-2011-2897,Candidate,"gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw","MISC:https://access.redhat.com/security/cve/cve-2011-2897 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897 | MISC:https://security-tracker.debian.org/tracker/CVE-2011-2897",Assigned (20110727),"None (candidate not yet proposed)","" CVE-2012-2370,Candidate,"Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer 
overflow.","BID:53548 | URL:http://www.securityfocus.com/bid/53548 | CONFIRM:http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22 | CONFIRM:http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516 | GENTOO:GLSA-201206-20 | URL:http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml | MISC:http://git.gnome.org/browse/gdk-pixbuf/ | MISC:https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150 | MLIST:[oss-security] 20120515 CVE Request: gdk-pixbuf Integer overflow in XBM file loader | URL:http://www.openwall.com/lists/oss-security/2012/05/15/8 | MLIST:[oss-security] 20120515 Re: CVE Request: gdk-pixbuf Integer overflow in XBM file loader | URL:http://www.openwall.com/lists/oss-security/2012/05/15/9 | REDHAT:RHSA-2013:0135 | URL:http://rhn.redhat.com/errata/RHSA-2013-0135.html | SECUNIA:49125 | URL:http://secunia.com/advisories/49125 | SECUNIA:49715 | URL:http://secunia.com/advisories/49715 | XF:gdkpixbuf-readbitmapfiledata-bo(75578) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/75578",Assigned (20120419),"None (candidate not yet proposed)","" CVE-2015-4491,Candidate,"Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.","CONFIRM:http://www.mozilla.org/security/announce/2015/mfsa2015-88.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:https://bugzilla.gnome.org/show_bug.cgi?id=752297 | CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=1184009 | 
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1252290 | CONFIRM:https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199 | DEBIAN:DSA-3337 | URL:http://www.debian.org/security/2015/dsa-3337 | FEDORA:FEDORA-2015-13925 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html | FEDORA:FEDORA-2015-13926 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html | FEDORA:FEDORA-2015-14010 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html | FEDORA:FEDORA-2015-14011 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html | GENTOO:GLSA-201512-05 | URL:https://security.gentoo.org/glsa/201512-05 | GENTOO:GLSA-201605-06 | URL:https://security.gentoo.org/glsa/201605-06 | REDHAT:RHSA-2015:1586 | URL:http://rhn.redhat.com/errata/RHSA-2015-1586.html | REDHAT:RHSA-2015:1682 | URL:http://rhn.redhat.com/errata/RHSA-2015-1682.html | REDHAT:RHSA-2015:1694 | URL:http://rhn.redhat.com/errata/RHSA-2015-1694.html | SECTRACK:1033247 | URL:http://www.securitytracker.com/id/1033247 | SECTRACK:1033372 | URL:http://www.securitytracker.com/id/1033372 | SUSE:SUSE-SU-2015:1449 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html | SUSE:SUSE-SU-2015:1528 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html | SUSE:SUSE-SU-2015:2081 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html | SUSE:openSUSE-SU-2015:1389 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html | SUSE:openSUSE-SU-2015:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html | SUSE:openSUSE-SU-2015:1453 | URL:http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html | SUSE:openSUSE-SU-2015:1454 | URL:http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html | SUSE:openSUSE-SU-2015:1500 | 
URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html | UBUNTU:USN-2702-1 | URL:http://www.ubuntu.com/usn/USN-2702-1 | UBUNTU:USN-2702-2 | URL:http://www.ubuntu.com/usn/USN-2702-2 | UBUNTU:USN-2702-3 | URL:http://www.ubuntu.com/usn/USN-2702-3 | UBUNTU:USN-2712-1 | URL:http://www.ubuntu.com/usn/USN-2712-1 | UBUNTU:USN-2722-1 | URL:http://www.ubuntu.com/usn/USN-2722-1",Assigned (20150610),"None (candidate not yet proposed)","" CVE-2015-7216,Candidate,"The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.","BID:79278 | URL:http://www.securityfocus.com/bid/79278 | CONFIRM:http://www.mozilla.org/security/announce/2015/mfsa2015-143.html | CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=1197059 | FEDORA:FEDORA-2015-51b1105902 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html | FEDORA:FEDORA-2015-7ab3d3afcf | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html | GENTOO:GLSA-201512-10 | URL:https://security.gentoo.org/glsa/201512-10 | SECTRACK:1034426 | URL:http://www.securitytracker.com/id/1034426 | SUSE:openSUSE-SU-2015:2353 | URL:http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html | SUSE:openSUSE-SU-2016:0307 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html | SUSE:openSUSE-SU-2016:0308 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html | UBUNTU:USN-2833-1 | URL:http://www.ubuntu.com/usn/USN-2833-1",Assigned (20150916),"None (candidate not yet proposed)","" CVE-2015-7217,Candidate,"The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA 
image.","BID:79278 | URL:http://www.securityfocus.com/bid/79278 | CONFIRM:http://www.mozilla.org/security/announce/2015/mfsa2015-143.html | CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=1203078 | FEDORA:FEDORA-2015-51b1105902 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html | FEDORA:FEDORA-2015-7ab3d3afcf | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html | GENTOO:GLSA-201512-10 | URL:https://security.gentoo.org/glsa/201512-10 | SECTRACK:1034426 | URL:http://www.securitytracker.com/id/1034426 | SUSE:openSUSE-SU-2015:2353 | URL:http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html | SUSE:openSUSE-SU-2016:0307 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html | SUSE:openSUSE-SU-2016:0308 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html | UBUNTU:USN-2833-1 | URL:http://www.ubuntu.com/usn/USN-2833-1",Assigned (20150916),"None (candidate not yet proposed)","" CVE-2015-7552,Candidate,"Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.","CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=958963 | DEBIAN:DSA-3589 | URL:http://www.debian.org/security/2016/dsa-3589 | FEDORA:FEDORA-2020-418ce730df | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/ | FEDORA:FEDORA-2020-a718b79006 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/ | SUSE:openSUSE-SU-2016:0897 | URL:http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html | SUSE:openSUSE-SU-2016:1467 | URL:http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html | UBUNTU:USN-3085-1 | URL:http://www.ubuntu.com/usn/USN-3085-1",Assigned (20150929),"None 
(candidate not yet proposed)","" CVE-2015-7673,Candidate,"io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.","BID:76953 | URL:http://www.securityfocus.com/bid/76953 | CONFIRM:http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.0.news | CONFIRM:https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d | CONFIRM:https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e | CONFIRM:https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c | DEBIAN:DSA-3378 | URL:http://www.debian.org/security/2015/dsa-3378 | GENTOO:GLSA-201512-05 | URL:https://security.gentoo.org/glsa/201512-05 | MLIST:[oss-security] 20151001 CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 | URL:http://www.openwall.com/lists/oss-security/2015/10/01/3 | MLIST:[oss-security] 20151002 Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 | URL:http://www.openwall.com/lists/oss-security/2015/10/02/9 | SUSE:openSUSE-SU-2016:0897 | URL:http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html | SUSE:openSUSE-SU-2016:1467 | URL:http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html | UBUNTU:USN-2767-1 | URL:http://www.ubuntu.com/usn/USN-2767-1",Assigned (20151002),"None (candidate not yet proposed)","" CVE-2015-7674,Candidate,"Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.","BID:76955 | URL:http://www.securityfocus.com/bid/76955 | 
CONFIRM:http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.1.news | CONFIRM:https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa | DEBIAN:DSA-3378 | URL:http://www.debian.org/security/2015/dsa-3378 | GENTOO:GLSA-201512-05 | URL:https://security.gentoo.org/glsa/201512-05 | MLIST:[oss-security] 20151001 CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 | URL:http://www.openwall.com/lists/oss-security/2015/10/01/4 | MLIST:[oss-security] 20151001 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 | URL:http://www.openwall.com/lists/oss-security/2015/10/01/7 | MLIST:[oss-security] 20151002 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 | URL:http://www.openwall.com/lists/oss-security/2015/10/02/10 | MLIST:[oss-security] 20151005 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 | URL:http://www.openwall.com/lists/oss-security/2015/10/05/7 | SUSE:openSUSE-SU-2016:0897 | URL:http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html | SUSE:openSUSE-SU-2016:1467 | URL:http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html | UBUNTU:USN-2767-1 | URL:http://www.ubuntu.com/usn/USN-2767-1",Assigned (20151002),"None (candidate not yet proposed)","" CVE-2015-8875,Candidate,"Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.","CONFIRM:https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 | DEBIAN:DSA-3589 | URL:http://www.debian.org/security/2016/dsa-3589 | MLIST:[oss-security] 20160512 Possible CVE request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to 
CVE-2015-7674) | URL:http://www.openwall.com/lists/oss-security/2016/05/12/3 | MLIST:[oss-security] 20160516 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674) | URL:http://www.openwall.com/lists/oss-security/2016/05/16/1 | MLIST:[oss-security] 20160517 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674) | URL:http://www.openwall.com/lists/oss-security/2016/05/17/7 | UBUNTU:USN-3085-1 | URL:http://www.ubuntu.com/usn/USN-3085-1",Assigned (20160517),"None (candidate not yet proposed)","" CVE-2016-6352,Candidate,"The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.","CONFIRM:https://bugzilla.gnome.org/show_bug.cgi?id=769170 | CONFIRM:https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599 | CONFIRM:https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b | MLIST:[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html | MLIST:[oss-security] 20160713 CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 | URL:http://www.openwall.com/lists/oss-security/2016/07/13/11 | MLIST:[oss-security] 20160726 Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 | URL:http://www.openwall.com/lists/oss-security/2016/07/26/11 | SUSE:openSUSE-SU-2016:2276 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html | UBUNTU:USN-3085-1 | URL:http://www.ubuntu.com/usn/USN-3085-1",Assigned (20160726),"None (candidate not yet proposed)","" CVE-2017-1000422,Candidate,"Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code 
execution","CONFIRM:https://bugzilla.gnome.org/show_bug.cgi?id=785973 | DEBIAN:DSA-4088 | URL:https://www.debian.org/security/2018/dsa-4088 | GENTOO:GLSA-201804-14 | URL:https://security.gentoo.org/glsa/201804-14 | MLIST:[debian-lts-announce] 20180108 [SECURITY] [DLA 1234-1] gdk-pixbuf security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html | UBUNTU:USN-3532-1 | URL:https://usn.ubuntu.com/3532-1/",Assigned (20180102),"None (candidate not yet proposed)","" CVE-2017-12447,Candidate,"GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.","MISC:https://bugzilla.gnome.org/show_bug.cgi?id=785979 | MISC:https://github.com/hackerlib/hackerlib-vul/tree/master/gnome | UBUNTU:USN-3912-1 | URL:https://usn.ubuntu.com/3912-1/",Assigned (20170804),"None (candidate not yet proposed)","" CVE-2017-2862,Candidate,"An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.","BID:100541 | URL:http://www.securityfocus.com/bid/100541 | DEBIAN:DSA-3978 | URL:http://www.debian.org/security/2017/dsa-3978 | MISC:https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366",Assigned (20161201),"None (candidate not yet proposed)","" CVE-2017-2870,Candidate,"An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. 
An attacker can send a file or a URL to trigger this vulnerability.","BID:100541 | URL:http://www.securityfocus.com/bid/100541 | MISC:https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377 | MLIST:[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html",Assigned (20161201),"None (candidate not yet proposed)","" CVE-2017-6311,Candidate,"gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.","BID:96779 | URL:http://www.securityfocus.com/bid/96779 | FEDORA:FEDORA-2020-418ce730df | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/ | FEDORA:FEDORA-2020-a718b79006 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/ | GENTOO:GLSA-201709-08 | URL:https://security.gentoo.org/glsa/201709-08 | MISC:http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html | MISC:https://bugzilla.gnome.org/show_bug.cgi?id=778204 | MLIST:[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf | URL:http://www.openwall.com/lists/oss-security/2017/02/21/4 | MLIST:[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf | URL:http://www.openwall.com/lists/oss-security/2017/02/26/1",Assigned (20170223),"None (candidate not yet proposed)","" CVE-2017-6312,Candidate,"Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.","BID:96779 | URL:http://www.securityfocus.com/bid/96779 | FEDORA:FEDORA-2020-418ce730df | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/ | FEDORA:FEDORA-2020-a718b79006 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/ | GENTOO:GLSA-201709-08 | URL:https://security.gentoo.org/glsa/201709-08 | MISC:http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html | MISC:https://bugzilla.gnome.org/show_bug.cgi?id=779012 | MLIST:[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html | MLIST:[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf | URL:http://www.openwall.com/lists/oss-security/2017/02/21/4 | MLIST:[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf | URL:http://www.openwall.com/lists/oss-security/2017/02/26/1",Assigned (20170223),"None (candidate not yet proposed)","" CVE-2017-6313,Candidate,"Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.","BID:96779 | URL:http://www.securityfocus.com/bid/96779 | FEDORA:FEDORA-2020-418ce730df | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/ | FEDORA:FEDORA-2020-a718b79006 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/ | GENTOO:GLSA-201709-08 | URL:https://security.gentoo.org/glsa/201709-08 | MISC:http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html | MISC:https://bugzilla.gnome.org/show_bug.cgi?id=779016 | MLIST:[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update | 
URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html | MLIST:[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf | URL:http://www.openwall.com/lists/oss-security/2017/02/21/4 | MLIST:[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf | URL:http://www.openwall.com/lists/oss-security/2017/02/26/1",Assigned (20170223),"None (candidate not yet proposed)","" CVE-2017-6314,Candidate,"The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.","BID:96779 | URL:http://www.securityfocus.com/bid/96779 | FEDORA:FEDORA-2020-418ce730df | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/ | FEDORA:FEDORA-2020-a718b79006 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/ | GENTOO:GLSA-201709-08 | URL:https://security.gentoo.org/glsa/201709-08 | MISC:http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html | MISC:https://bugzilla.gnome.org/show_bug.cgi?id=779020 | MLIST:[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html | MLIST:[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf | URL:http://www.openwall.com/lists/oss-security/2017/02/21/4 | MLIST:[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf | URL:http://www.openwall.com/lists/oss-security/2017/02/26/1",Assigned (20170223),"None (candidate not yet proposed)","" CVE-2020-29385,Candidate,"GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. 
The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.","CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166 | CONFIRM:https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164 | CONFIRM:https://ubuntu.com/security/CVE-2020-29385 | FEDORA:FEDORA-2021-2e59756cbe | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/ | FEDORA:FEDORA-2021-755ba8968a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/ | FEDORA:FEDORA-2021-c918632e13 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/ | MISC:https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS | MISC:https://security.gentoo.org/glsa/202012-15",Assigned (20201130),"None (candidate not yet proposed)","" CVE-2007-2721,Candidate,"The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.","BID:24052 | URL:http://www.securityfocus.com/bid/24052 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88 | DEBIAN:DSA-2036 | URL:http://www.debian.org/security/2010/dsa-2036 | MANDRIVA:MDKSA-2007:129 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:129 | MANDRIVA:MDKSA-2007:208 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:208 | 
MANDRIVA:MDKSA-2007:209 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:209 | MANDRIVA:MDVSA-2009:142 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 | MANDRIVA:MDVSA-2009:164 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:164 | OSVDB:36137 | URL:http://osvdb.org/36137 | OVAL:oval:org.mitre.oval:def:9397 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9397 | REDHAT:RHSA-2009:0012 | URL:http://www.redhat.com/support/errata/RHSA-2009-0012.html | SECUNIA:25287 | URL:http://secunia.com/advisories/25287 | SECUNIA:25703 | URL:http://secunia.com/advisories/25703 | SECUNIA:26516 | URL:http://secunia.com/advisories/26516 | SECUNIA:27319 | URL:http://secunia.com/advisories/27319 | SECUNIA:27489 | URL:http://secunia.com/advisories/27489 | SECUNIA:39505 | URL:http://secunia.com/advisories/39505 | UBUNTU:USN-501-1 | URL:http://www.ubuntu.com/usn/usn-501-1 | UBUNTU:USN-501-2 | URL:http://www.ubuntu.com/usn/usn-501-2 | VUPEN:ADV-2010-0912 | URL:http://www.vupen.com/english/advisories/2010/0912",Assigned (20070516),"None (candidate not yet proposed)","" CVE-2008-3520,Candidate,"Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.","BID:31470 | URL:http://www.securityfocus.com/bid/31470 | GENTOO:GLSA-200812-18 | URL:http://security.gentoo.org/glsa/glsa-200812-18.xml | MANDRIVA:MDVSA-2009:142 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 | MANDRIVA:MDVSA-2009:144 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:144 | MANDRIVA:MDVSA-2009:164 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:164 | MISC:http://bugs.gentoo.org/show_bug.cgi?id=222819 | OVAL:oval:org.mitre.oval:def:10141 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141 | 
REDHAT:RHSA-2009:0012 | URL:http://www.redhat.com/support/errata/RHSA-2009-0012.html | REDHAT:RHSA-2015:0698 | URL:http://rhn.redhat.com/errata/RHSA-2015-0698.html | SECUNIA:33173 | URL:http://secunia.com/advisories/33173 | SECUNIA:34391 | URL:http://secunia.com/advisories/34391 | SLACKWARE:SSA:2015-302-02 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 | UBUNTU:USN-742-1 | URL:http://www.ubuntu.com/usn/USN-742-1 | XF:jasper-image-file-bo(45621) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45621",Assigned (20080807),"None (candidate not yet proposed)","" CVE-2008-3521,Candidate,"Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.","BID:31470 | URL:http://www.securityfocus.com/bid/31470 | CONFIRM:http://bugs.gentoo.org/attachment.cgi?id=163282&action=view | CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=222819 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3521 | MANDRIVA:MDVSA-2009:142 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 | MANDRIVA:MDVSA-2009:164 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:164 | SECUNIA:34391 | URL:http://secunia.com/advisories/34391 | UBUNTU:USN-742-1 | URL:http://www.ubuntu.com/usn/USN-742-1 | XF:jasper-jasstreamtmpfile-symlink(45622) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45622",Assigned (20080807),"None (candidate not yet proposed)","" CVE-2008-3522,Candidate,"Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an 
unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.","BID:31470 | URL:http://www.securityfocus.com/bid/31470 | GENTOO:GLSA-200812-18 | URL:http://security.gentoo.org/glsa/glsa-200812-18.xml | MANDRIVA:MDVSA-2009:142 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 | MANDRIVA:MDVSA-2009:144 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:144 | MANDRIVA:MDVSA-2009:164 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:164 | MISC:http://bugs.gentoo.org/attachment.cgi?id=163282&action=view | MISC:http://bugs.gentoo.org/show_bug.cgi?id=222819 | REDHAT:RHSA-2015:0698 | URL:http://rhn.redhat.com/errata/RHSA-2015-0698.html | SECUNIA:33173 | URL:http://secunia.com/advisories/33173 | SECUNIA:34391 | URL:http://secunia.com/advisories/34391 | SLACKWARE:SSA:2015-302-02 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 | UBUNTU:USN-742-1 | URL:http://www.ubuntu.com/usn/USN-742-1 | XF:jasper-jasstreamprintf-bo(45623) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45623",Assigned (20080807),"None (candidate not yet proposed)","" CVE-2011-1318,Candidate,"Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.","AIXAPAR:PM23029 | URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM23029 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg27014463",Assigned (20110308),"None (candidate not yet proposed)","" CVE-2011-1911,Candidate,"JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force 
approach.","BID:49649 | URL:http://www.securityfocus.com/bid/49649 | CERT-VN:VU#519588 | URL:http://www.kb.cert.org/vuls/id/519588 | CONFIRM:http://www.kb.cert.org/vuls/id/MAPG-8ELLJC | MISC:http://www.csirtcv.gva.es/es/alertas/vulnerabilidad-en-jasperserver.html | MISC:http://www.csirtcv.gva.es/sites/all/files/images/content/%5BCSIRT-cv%5D%20JasperServer%203.7.0%20CE%20CSRF%20Advisory.pdf | XF:jasperreports-flowexecutionkey-csrf(69849) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/69849",Assigned (20110509),"None (candidate not yet proposed)","" CVE-2011-4516,Candidate,"Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.","BID:50992 | URL:http://www.securityfocus.com/bid/50992 | CERT-VN:VU#887409 | URL:http://www.kb.cert.org/vuls/id/887409 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21660640 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=747726 | DEBIAN:DSA-2371 | URL:http://www.debian.org/security/2011/dsa-2371 | FEDORA:FEDORA-2011-16955 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html | FEDORA:FEDORA-2011-16966 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html | OSVDB:77595 | URL:http://osvdb.org/77595 | REDHAT:RHSA-2011:1807 | URL:http://www.redhat.com/support/errata/RHSA-2011-1807.html | REDHAT:RHSA-2011:1811 | URL:http://www.redhat.com/support/errata/RHSA-2011-1811.html | REDHAT:RHSA-2015:0698 | URL:http://rhn.redhat.com/errata/RHSA-2015-0698.html | SECUNIA:47193 | URL:http://secunia.com/advisories/47193 | SECUNIA:47306 | URL:http://secunia.com/advisories/47306 | SECUNIA:47353 | URL:http://secunia.com/advisories/47353 
| SLACKWARE:SSA:2015-302-02 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 | SUSE:openSUSE-SU-2011:1317 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html | UBUNTU:USN-1315-1 | URL:http://www.ubuntu.com/usn/USN-1315-1",Assigned (20111122),"None (candidate not yet proposed)","" CVE-2011-4517,Candidate,"The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.","BID:50992 | URL:http://www.securityfocus.com/bid/50992 | CERT-VN:VU#887409 | URL:http://www.kb.cert.org/vuls/id/887409 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21660640 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=747726 | DEBIAN:DSA-2371 | URL:http://www.debian.org/security/2011/dsa-2371 | FEDORA:FEDORA-2011-16955 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html | FEDORA:FEDORA-2011-16966 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html | OSVDB:77596 | URL:http://osvdb.org/77596 | REDHAT:RHSA-2011:1807 | URL:http://www.redhat.com/support/errata/RHSA-2011-1807.html | REDHAT:RHSA-2011:1811 | URL:http://www.redhat.com/support/errata/RHSA-2011-1811.html | REDHAT:RHSA-2015:0698 | URL:http://rhn.redhat.com/errata/RHSA-2015-0698.html | SECUNIA:47193 | URL:http://secunia.com/advisories/47193 | SECUNIA:47306 | URL:http://secunia.com/advisories/47306 | SECUNIA:47353 | URL:http://secunia.com/advisories/47353 | SLACKWARE:SSA:2015-302-02 | 
URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 | SUSE:openSUSE-SU-2011:1317 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html | UBUNTU:USN-1315-1 | URL:http://www.ubuntu.com/usn/USN-1315-1 | XF:jasper-jpccrggetparms-bo(71701) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71701",Assigned (20111122),"None (candidate not yet proposed)","" CVE-2014-8137,Candidate,"Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.","BID:71742 | URL:http://www.securityfocus.com/bid/71742 | CONFIRM:http://advisories.mageia.org/MGASA-2014-0539.html | DEBIAN:DSA-3106 | URL:http://www.debian.org/security/2014/dsa-3106 | MANDRIVA:MDVSA-2015:012 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:012 | MANDRIVA:MDVSA-2015:159 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 | MISC:http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html | MISC:https://www.ocert.org/advisories/ocert-2014-012.html | REDHAT:RHSA-2014:2021 | URL:http://rhn.redhat.com/errata/RHSA-2014-2021.html | REDHAT:RHSA-2015:0698 | URL:http://rhn.redhat.com/errata/RHSA-2015-0698.html | REDHAT:RHSA-2015:1713 | URL:http://rhn.redhat.com/errata/RHSA-2015-1713.html | SECTRACK:1033459 | URL:http://www.securitytracker.com/id/1033459 | SECUNIA:61747 | URL:http://secunia.com/advisories/61747 | SECUNIA:62311 | URL:http://secunia.com/advisories/62311 | SECUNIA:62615 | URL:http://secunia.com/advisories/62615 | SECUNIA:62619 | URL:http://secunia.com/advisories/62619 | SLACKWARE:SSA:2015-302-02 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 | SUSE:openSUSE-SU-2015:0038 | 
URL:http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html | SUSE:openSUSE-SU-2015:0039 | URL:http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html | SUSE:openSUSE-SU-2015:0042 | URL:http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html | UBUNTU:USN-2483-1 | URL:http://www.ubuntu.com/usn/USN-2483-1 | UBUNTU:USN-2483-2 | URL:http://www.ubuntu.com/usn/USN-2483-2",Assigned (20141010),"None (candidate not yet proposed)","" CVE-2014-8138,Candidate,"Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.","BID:71746 | URL:http://www.securityfocus.com/bid/71746 | CONFIRM:http://advisories.mageia.org/MGASA-2014-0539.html | DEBIAN:DSA-3106 | URL:http://www.debian.org/security/2014/dsa-3106 | MANDRIVA:MDVSA-2015:012 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:012 | MANDRIVA:MDVSA-2015:159 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 | MISC:http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html | MISC:https://www.ocert.org/advisories/ocert-2014-012.html | REDHAT:RHSA-2014:2021 | URL:http://rhn.redhat.com/errata/RHSA-2014-2021.html | REDHAT:RHSA-2015:0698 | URL:http://rhn.redhat.com/errata/RHSA-2015-0698.html | REDHAT:RHSA-2015:1713 | URL:http://rhn.redhat.com/errata/RHSA-2015-1713.html | SECTRACK:1033459 | URL:http://www.securitytracker.com/id/1033459 | SECUNIA:61747 | URL:http://secunia.com/advisories/61747 | SECUNIA:62311 | URL:http://secunia.com/advisories/62311 | SECUNIA:62615 | URL:http://secunia.com/advisories/62615 | SECUNIA:62619 | URL:http://secunia.com/advisories/62619 | SLACKWARE:SSA:2015-302-02 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 | SUSE:openSUSE-SU-2015:0038 | URL:http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html | 
SUSE:openSUSE-SU-2015:0039 | URL:http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html | SUSE:openSUSE-SU-2015:0042 | URL:http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html | UBUNTU:USN-2483-1 | URL:http://www.ubuntu.com/usn/USN-2483-1 | UBUNTU:USN-2483-2 | URL:http://www.ubuntu.com/usn/USN-2483-2",Assigned (20141010),"None (candidate not yet proposed)","" CVE-2014-8157,Candidate,"Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.","BID:72296 | URL:http://www.securityfocus.com/bid/72296 | CONFIRM:http://advisories.mageia.org/MGASA-2015-0038.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1179282 | DEBIAN:DSA-3138 | URL:http://www.debian.org/security/2015/dsa-3138 | MANDRIVA:MDVSA-2015:034 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:034 | MANDRIVA:MDVSA-2015:159 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 | MISC:http://www.ocert.org/advisories/ocert-2015-001.html | REDHAT:RHSA-2015:0074 | URL:http://rhn.redhat.com/errata/RHSA-2015-0074.html | REDHAT:RHSA-2015:0698 | URL:http://rhn.redhat.com/errata/RHSA-2015-0698.html | SECUNIA:62583 | URL:http://secunia.com/advisories/62583 | SECUNIA:62615 | URL:http://secunia.com/advisories/62615 | SECUNIA:62619 | URL:http://secunia.com/advisories/62619 | SECUNIA:62765 | URL:http://secunia.com/advisories/62765 | SLACKWARE:SSA:2015-302-02 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 | SUSE:openSUSE-SU-2015:0200 | URL:http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.html | UBUNTU:USN-2483-1 | URL:http://www.ubuntu.com/usn/USN-2483-1 | UBUNTU:USN-2483-2 | 
URL:http://www.ubuntu.com/usn/USN-2483-2",Assigned (20141010),"None (candidate not yet proposed)","" CVE-2014-8158,Candidate,"Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.","BID:72293 | URL:http://www.securityfocus.com/bid/72293 | CONFIRM:http://advisories.mageia.org/MGASA-2015-0038.html | DEBIAN:DSA-3138 | URL:http://www.debian.org/security/2015/dsa-3138 | MANDRIVA:MDVSA-2015:034 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:034 | MANDRIVA:MDVSA-2015:159 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 | MISC:http://www.ocert.org/advisories/ocert-2015-001.html | REDHAT:RHSA-2015:0074 | URL:http://rhn.redhat.com/errata/RHSA-2015-0074.html | REDHAT:RHSA-2015:0698 | URL:http://rhn.redhat.com/errata/RHSA-2015-0698.html | SECUNIA:62583 | URL:http://secunia.com/advisories/62583 | SECUNIA:62615 | URL:http://secunia.com/advisories/62615 | SECUNIA:62619 | URL:http://secunia.com/advisories/62619 | SECUNIA:62765 | URL:http://secunia.com/advisories/62765 | SLACKWARE:SSA:2015-302-02 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 | SUSE:openSUSE-SU-2015:0200 | URL:http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.html | UBUNTU:USN-2483-1 | URL:http://www.ubuntu.com/usn/USN-2483-1 | UBUNTU:USN-2483-2 | URL:http://www.ubuntu.com/usn/USN-2483-2",Assigned (20141010),"None (candidate not yet proposed)","" CVE-2014-9029,Candidate,"Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.","BID:71476 | URL:http://www.securityfocus.com/bid/71476 | BUGTRAQ:20141204 [oCERT-2014-009] JasPer input sanitization errors | 
URL:http://www.securityfocus.com/archive/1/534153/100/0/threaded | CONFIRM:http://advisories.mageia.org/MGASA-2014-0514.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1167537 | DEBIAN:DSA-3089 | URL:http://www.debian.org/security/2014/dsa-3089 | MANDRIVA:MDVSA-2014:247 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:247 | MANDRIVA:MDVSA-2015:159 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 | MISC:http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html | MISC:http://www.ocert.org/advisories/ocert-2014-009.html | MLIST:[oss-security] 20141204 [oCERT-2014-009] JasPer input sanitization errors | URL:http://www.openwall.com/lists/oss-security/2014/12/04/9 | REDHAT:RHSA-2014:2021 | URL:http://rhn.redhat.com/errata/RHSA-2014-2021.html | REDHAT:RHSA-2015:0698 | URL:http://rhn.redhat.com/errata/RHSA-2015-0698.html | SECUNIA:61747 | URL:http://secunia.com/advisories/61747 | SECUNIA:62828 | URL:http://secunia.com/advisories/62828 | SLACKWARE:SSA:2015-302-02 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 | UBUNTU:USN-2434-1 | URL:http://www.ubuntu.com/usn/USN-2434-1 | UBUNTU:USN-2434-2 | URL:http://www.ubuntu.com/usn/USN-2434-2 | XF:jasper-cve20149029-bo(99125) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/99125",Assigned (20141120),"None (candidate not yet proposed)","" CVE-2015-5203,Candidate,"Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.","CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1254242 | FEDORA:FEDORA-2016-7776983633 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/ | FEDORA:FEDORA-2016-9b17661de5 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/ | FEDORA:FEDORA-2016-bbecf64af4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/ | GENTOO:GLSA-201707-07 | URL:https://security.gentoo.org/glsa/201707-07 | MLIST:[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html | MLIST:[oss-security] 20150816 Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203) | URL:http://www.openwall.com/lists/oss-security/2015/08/16/2 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | SUSE:openSUSE-SU-2016:2722 | URL:http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html | SUSE:openSUSE-SU-2016:2737 | URL:http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html | SUSE:openSUSE-SU-2016:2833 | URL:http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20150701),"None (candidate not yet proposed)","" CVE-2015-5221,Candidate,"Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.","CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1255710 | CONFIRM:https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3 | FEDORA:FEDORA-2016-7776983633 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/ | FEDORA:FEDORA-2016-9b17661de5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/ | FEDORA:FEDORA-2016-bbecf64af4 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/ | MLIST:[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html | MLIST:[oss-security] 20150820 Use-after-free (and double-free) in Jasper JPEG-200 (CVE-2015-5221) | URL:http://www.openwall.com/lists/oss-security/2015/08/20/4 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | SUSE:openSUSE-SU-2016:2722 | URL:http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html | SUSE:openSUSE-SU-2016:2737 | URL:http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html | SUSE:openSUSE-SU-2016:2833 | URL:http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20150701),"None (candidate not yet proposed)","" CVE-2015-7216,Candidate,"The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.","BID:79278 | URL:http://www.securityfocus.com/bid/79278 | CONFIRM:http://www.mozilla.org/security/announce/2015/mfsa2015-143.html | CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=1197059 | FEDORA:FEDORA-2015-51b1105902 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html | FEDORA:FEDORA-2015-7ab3d3afcf | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html | GENTOO:GLSA-201512-10 | URL:https://security.gentoo.org/glsa/201512-10 | SECTRACK:1034426 | URL:http://www.securitytracker.com/id/1034426 | SUSE:openSUSE-SU-2015:2353 | URL:http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html | SUSE:openSUSE-SU-2016:0307 | 
URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html | SUSE:openSUSE-SU-2016:0308 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html | UBUNTU:USN-2833-1 | URL:http://www.ubuntu.com/usn/USN-2833-1",Assigned (20150916),"None (candidate not yet proposed)","" CVE-2015-8751,Candidate,"Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.","BID:80035 | URL:http://www.securityfocus.com/bid/80035 | MISC:http://www.openwall.com/lists/oss-security/2016/01/07/10 | MISC:http://www.openwall.com/lists/oss-security/2016/01/08/2 | MISC:http://www.openwall.com/lists/oss-security/2016/01/11/3 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1294039",Assigned (20160107),"None (candidate not yet proposed)","" CVE-2016-10248,Candidate,"The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.","BID:93797 | URL:http://www.securityfocus.com/bid/93797 | CONFIRM:https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd | MISC:https://blogs.gentoo.org/ago/2016/10/20/jasper-null-pointer-dereference-in-jpc_tsfb_synthesize-jpc_tsfb-c/ | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20170312),"None (candidate not yet proposed)","" CVE-2016-10249,Candidate,"Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.","BID:93838 | URL:http://www.securityfocus.com/bid/93838 | CONFIRM:https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568 | DEBIAN:DSA-3827 | 
URL:http://www.debian.org/security/2017/dsa-3827 | MISC:https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/ | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20170312),"None (candidate not yet proposed)","" CVE-2016-10250,Candidate,"The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.","CONFIRM:https://github.com/mdadams/jasper/commit/bdfe95a6e81ffb4b2fad31a76b57943695beed20 | MISC:https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887/ | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20170312),"None (candidate not yet proposed)","" CVE-2016-10251,Candidate,"Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.","BID:97584 | URL:http://www.securityfocus.com/bid/97584 | CONFIRM:https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387 | DEBIAN:DSA-3827 | URL:http://www.debian.org/security/2017/dsa-3827 | MISC:https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20170312),"None (candidate not yet proposed)","" CVE-2016-1577,Candidate,"Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image 
file, a different vulnerability than CVE-2014-8137.","BID:84133 | URL:http://www.securityfocus.com/bid/84133 | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865 | DEBIAN:DSA-3508 | URL:http://www.debian.org/security/2016/dsa-3508 | MLIST:[oss-security] 20160303 Security issues in JasPer (CVE-2016-1577 and CVE-2016-2116) | URL:http://www.openwall.com/lists/oss-security/2016/03/03/12 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-2919-1 | URL:http://www.ubuntu.com/usn/USN-2919-1",Assigned (20160112),"None (candidate not yet proposed)","" CVE-2016-1867,Candidate,"The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.","BID:81488 | URL:http://www.securityfocus.com/bid/81488 | DEBIAN:DSA-3785 | URL:http://www.debian.org/security/2017/dsa-3785 | MLIST:[oss-security] 20160113 Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function | URL:http://www.openwall.com/lists/oss-security/2016/01/13/2 | MLIST:[oss-security] 20160113 Re: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function | URL:http://www.openwall.com/lists/oss-security/2016/01/13/6 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20160113),"None (candidate not yet proposed)","" CVE-2016-2089,Candidate,"The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.","BID:83108 | URL:http://www.securityfocus.com/bid/83108 | DEBIAN:DSA-3508 | URL:http://www.debian.org/security/2016/dsa-3508 | MLIST:[oss-security] 20160128 Re: invalid Read in the JasPer's jas_matrix_clip() function | URL:http://www.openwall.com/lists/oss-security/2016/01/28/6 | MLIST:[oss-security] 20160128 invalid Read in the JasPer's jas_matrix_clip() function | 
URL:http://www.openwall.com/lists/oss-security/2016/01/28/4 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | SUSE:openSUSE-SU-2016:0408 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html | SUSE:openSUSE-SU-2016:0413 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00063.html",Assigned (20160128),"None (candidate not yet proposed)","" CVE-2016-2116,Candidate,"Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.","BID:84133 | URL:http://www.securityfocus.com/bid/84133 | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865 | DEBIAN:DSA-3508 | URL:http://www.debian.org/security/2016/dsa-3508 | MLIST:[oss-security] 20160303 Security issues in JasPer (CVE-2016-1577 and CVE-2016-2116) | URL:http://www.openwall.com/lists/oss-security/2016/03/03/12 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-2919-1 | URL:http://www.ubuntu.com/usn/USN-2919-1",Assigned (20160129),"None (candidate not yet proposed)","" CVE-2016-8654,Candidate,"A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. 
jasper versions before 2.0.0 are affected.","BID:94583 | URL:http://www.securityfocus.com/bid/94583 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654 | CONFIRM:https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a | CONFIRM:https://github.com/mdadams/jasper/issues/93 | CONFIRM:https://github.com/mdadams/jasper/issues/94 | DEBIAN:DSA-3785 | URL:https://www.debian.org/security/2017/dsa-3785 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20161012),"None (candidate not yet proposed)","" CVE-2016-8690,Candidate,"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.","BID:93590 | URL:http://www.securityfocus.com/bid/93590 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1385499 | CONFIRM:https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca | FEDORA:FEDORA-2016-6c789ba91d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/ | MISC:https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/ | MLIST:[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html | MLIST:[oss-security] 20160823 Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/08/23/6 | MLIST:[oss-security] 20161015 Re: Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/10/16/14 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20161015),"None (candidate not yet proposed)","" CVE-2016-8691,Candidate,"The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error 
and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.","BID:93593 | URL:http://www.securityfocus.com/bid/93593 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1385502 | CONFIRM:https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 | DEBIAN:DSA-3785 | URL:http://www.debian.org/security/2017/dsa-3785 | FEDORA:FEDORA-2016-81f9c6f0ae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/ | MISC:https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/ | MLIST:[oss-security] 20160823 Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/08/23/6 | MLIST:[oss-security] 20161015 Re: Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/10/16/14 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20161015),"None (candidate not yet proposed)","" CVE-2016-8692,Candidate,"The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.","BID:93588 | URL:http://www.securityfocus.com/bid/93588 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1385502 | CONFIRM:https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 | DEBIAN:DSA-3785 | URL:http://www.debian.org/security/2017/dsa-3785 | FEDORA:FEDORA-2016-81f9c6f0ae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/ | MISC:https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/ | MLIST:[oss-security] 20160823 Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/08/23/6 | MLIST:[oss-security] 20161015 Re: Fuzzing jasper | 
URL:http://www.openwall.com/lists/oss-security/2016/10/16/14 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20161015),"None (candidate not yet proposed)","" CVE-2016-8693,Candidate,"Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.","BID:93587 | URL:http://www.securityfocus.com/bid/93587 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1385507 | CONFIRM:https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309 | DEBIAN:DSA-3785 | URL:http://www.debian.org/security/2017/dsa-3785 | FEDORA:FEDORA-2016-6c789ba91d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/ | MISC:https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/ | MLIST:[oss-security] 20160823 Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/08/23/6 | MLIST:[oss-security] 20161015 Re: Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/10/16/14 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | SUSE:openSUSE-SU-2016:2722 | URL:http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html",Assigned (20161015),"None (candidate not yet proposed)","" CVE-2016-8882,Candidate,"The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.","BID:95864 | URL:http://www.securityfocus.com/bid/95864 | CONFIRM:https://github.com/mdadams/jasper/issues/30 | DEBIAN:DSA-3785 | URL:http://www.debian.org/security/2017/dsa-3785 | MLIST:[oss-security] 20161017 Re: Re: Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/10/17/1 | MLIST:[oss-security] 
20161022 Re: Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/10/23/8",Assigned (20161022),"None (candidate not yet proposed)","" CVE-2016-8883,Candidate,"The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","BID:95865 | URL:http://www.securityfocus.com/bid/95865 | CONFIRM:https://github.com/mdadams/jasper/issues/32 | MLIST:[oss-security] 20161017 Re: Re: Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/10/17/1 | MLIST:[oss-security] 20161022 Re: Fuzzing jasper | URL:http://www.openwall.com/lists/oss-security/2016/10/23/8 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161022),"None (candidate not yet proposed)","" CVE-2016-8884,Candidate,"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.","BID:93834 | URL:http://www.securityfocus.com/bid/93834 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1385499 | CONFIRM:https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698 | FEDORA:FEDORA-2016-6c789ba91d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/ | FEDORA:FEDORA-2016-e0f0d48142 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/ | MISC:https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/ | MLIST:[oss-security] 20161022 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) | URL:http://www.openwall.com/lists/oss-security/2016/10/23/1 | MLIST:[oss-security] 20161023 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) | URL:http://www.openwall.com/lists/oss-security/2016/10/23/9 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20161022),"None (candidate not yet proposed)","" CVE-2016-8885,Candidate,"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.","BID:93834 | URL:http://www.securityfocus.com/bid/93834 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1385499 | FEDORA:FEDORA-2016-6c789ba91d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/ | FEDORA:FEDORA-2016-e0f0d48142 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/ | 
MISC:https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690 | MLIST:[oss-security] 20161022 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) | URL:http://www.openwall.com/lists/oss-security/2016/10/23/1 | MLIST:[oss-security] 20161023 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) | URL:http://www.openwall.com/lists/oss-security/2016/10/23/5 | MLIST:[oss-security] 20161023 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) | URL:http://www.openwall.com/lists/oss-security/2016/10/23/9 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20161022),"None (candidate not yet proposed)","" CVE-2016-8886,Candidate,"The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.","BID:93839 | URL:http://www.securityfocus.com/bid/93839 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1388880 | FEDORA:FEDORA-2016-6c789ba91d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/ | FEDORA:FEDORA-2016-e0f0d48142 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/ | MISC:https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c | MLIST:[oss-security] 20161022 Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) | URL:http://www.openwall.com/lists/oss-security/2016/10/23/2 | MLIST:[oss-security] 20161025 Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/11",Assigned 
(20161022),"None (candidate not yet proposed)","" CVE-2016-8887,Candidate,"The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).","BID:93835 | URL:http://www.securityfocus.com/bid/93835 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1388828 | CONFIRM:https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d | FEDORA:FEDORA-2016-6c789ba91d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/ | FEDORA:FEDORA-2016-e0f0d48142 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/ | MISC:https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c | MLIST:[oss-security] 20161022 Re: jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) | URL:http://www.openwall.com/lists/oss-security/2016/10/23/3 | MLIST:[oss-security] 20161023 jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) | URL:http://www.openwall.com/lists/oss-security/2016/10/23/6 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161022),"None (candidate not yet proposed)","" CVE-2016-9262,Candidate,"Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.","BID:94224 | URL:http://www.securityfocus.com/bid/94224 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1393882 | CONFIRM:https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735 | GENTOO:GLSA-201707-07 | URL:https://security.gentoo.org/glsa/201707-07 | 
MISC:https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c | MLIST:[oss-security] 20161110 Re: jasper: use after free in jas_realloc (jas_malloc.c) | URL:http://www.openwall.com/lists/oss-security/2016/11/10/4 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161110),"None (candidate not yet proposed)","" CVE-2016-9387,Candidate,"Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.","BID:94374 | URL:http://www.securityfocus.com/bid/94374 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396959 | CONFIRM:https://github.com/mdadams/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9388,Candidate,"The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.","BID:94371 | URL:http://www.securityfocus.com/bid/94371 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396962 | CONFIRM:https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823 | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | 
UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9389,Candidate,"The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).","BID:94371 | URL:http://www.securityfocus.com/bid/94371 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396963 | CONFIRM:https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba | CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9390,Candidate,"The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.","BID:94371 | URL:http://www.securityfocus.com/bid/94371 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396965 | CONFIRM:https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865 | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9391,Candidate,"The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large 
integer.","BID:94371 | URL:http://www.securityfocus.com/bid/94371 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396967 | CONFIRM:https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9392,Candidate,"The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","BID:94377 | URL:http://www.securityfocus.com/bid/94377 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396971 | CONFIRM:https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 | CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9393,Candidate,"The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","BID:94377 | URL:http://www.securityfocus.com/bid/94377 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396972 | CONFIRM:https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 | 
MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9394,Candidate,"The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","BID:94372 | URL:http://www.securityfocus.com/bid/94372 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396975 | CONFIRM:https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9395,Candidate,"The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","BID:94376 | URL:http://www.securityfocus.com/bid/94376 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396977 | CONFIRM:https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | SUSE:SUSE-SU-2017:0084 | URL:http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html | SUSE:openSUSE-SU-2017:0101 | 
URL:http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.html",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9396,Candidate,"The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.","BID:94379 | URL:http://www.securityfocus.com/bid/94379 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396978 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1485272 | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | REDHAT:RHSA-2018:3253 | URL:https://access.redhat.com/errata/RHSA-2018:3253 | REDHAT:RHSA-2018:3505 | URL:https://access.redhat.com/errata/RHSA-2018:3505 | SUSE:openSUSE-SU-2019:1315 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9397,Candidate,"The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.","BID:94373 | URL:http://www.securityfocus.com/bid/94373 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396979 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9398,Candidate,"The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.","BID:94382 | URL:http://www.securityfocus.com/bid/94382 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396980 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | SUSE:SUSE-SU-2017:0084 | URL:http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html | SUSE:openSUSE-SU-2017:0101 | URL:http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.html | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9399,Candidate,"The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.","BID:94380 | 
URL:http://www.securityfocus.com/bid/94380 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1396981 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | MISC:https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure | MLIST:[oss-security] 20161117 Re: jasper: multiple assertion failures | URL:http://www.openwall.com/lists/oss-security/2016/11/17/1 | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20161117),"None (candidate not yet proposed)","" CVE-2016-9557,Candidate,"Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.","BID:94490 | URL:http://www.securityfocus.com/bid/94490 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1398251 | CONFIRM:https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a | MISC:https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c | MLIST:[oss-security] 20161122 Re: jasper: signed integer overflow in jas_image.c | URL:http://www.openwall.com/lists/oss-security/2016/11/23/2",Assigned (20161122),"None (candidate not yet proposed)","" CVE-2016-9560,Candidate,"Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.","BID:94428 | URL:http://www.securityfocus.com/bid/94428 | CONFIRM:https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495 | DEBIAN:DSA-3785 | 
URL:http://www.debian.org/security/2017/dsa-3785 | MISC:https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c/ | MISC:https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560 | MLIST:[oss-security] 20161120 jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) | URL:http://www.openwall.com/lists/oss-security/2016/11/20/1 | MLIST:[oss-security] 20161122 Re: jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) | URL:http://www.openwall.com/lists/oss-security/2016/11/23/5 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20161122),"None (candidate not yet proposed)","" CVE-2016-9583,Candidate,"An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.","BID:94925 | URL:http://www.securityfocus.com/bid/94925 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583 | CONFIRM:https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7d | CONFIRM:https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3d | CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20161123),"None (candidate not yet proposed)","" CVE-2016-9591,Candidate,"JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.","BID:94952 | URL:http://www.securityfocus.com/bid/94952 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1406405 | DEBIAN:DSA-3827 | URL:https://www.debian.org/security/2017/dsa-3827 | GENTOO:GLSA-201707-07 | URL:https://security.gentoo.org/glsa/201707-07 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208",Assigned (20161123),"None (candidate not yet 
proposed)","" CVE-2016-9600,Candidate,"JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.","CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1410026 | REDHAT:RHSA-2017:1208 | URL:https://access.redhat.com/errata/RHSA-2017:1208 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20161123),"None (candidate not yet proposed)","" CVE-2017-1000050,Candidate,"JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.","BID:96595 | URL:http://www.securityfocus.com/bid/96595 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MLIST:[oss-security] 20170305 CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) | URL:http://www.openwall.com/lists/oss-security/2017/03/06/1 | REDHAT:RHSA-2018:3253 | URL:https://access.redhat.com/errata/RHSA-2018:3253 | REDHAT:RHSA-2018:3505 | URL:https://access.redhat.com/errata/RHSA-2018:3505 | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20170710),"None (candidate not yet proposed)","" CVE-2017-13745,Candidate,"There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.","BID:100514 | URL:http://www.securityfocus.com/bid/100514 | 
CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1485274 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13746,Candidate,"There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.","BID:100514 | URL:http://www.securityfocus.com/bid/100514 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1485286",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13747,Candidate,"There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.","BID:100514 | URL:http://www.securityfocus.com/bid/100514 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1485282",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13748,Candidate,"There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.","BID:100514 | URL:http://www.securityfocus.com/bid/100514 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1485287 | MLIST:[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13749,Candidate,"There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.","BID:100514 | URL:http://www.securityfocus.com/bid/100514 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1485285",Assigned (20170829),"None 
(candidate not yet proposed)","" CVE-2017-13750,Candidate,"There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.","BID:100514 | URL:http://www.securityfocus.com/bid/100514 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1485280",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13751,Candidate,"There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.","BID:100514 | URL:http://www.securityfocus.com/bid/100514 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1485283",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13752,Candidate,"There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.","BID:100514 | URL:http://www.securityfocus.com/bid/100514 | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | 
FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1485276",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-14132,Candidate,"JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.","FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://github.com/mdadams/jasper/issues/147 | MLIST:[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20170904),"None (candidate not yet proposed)","" CVE-2017-14229,Candidate,"There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. 
It will lead to a remote denial of service attack.","BID:100861 | URL:http://www.securityfocus.com/bid/100861 | CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://github.com/mdadams/jasper/issues/146",Assigned (20170909),"None (candidate not yet proposed)","" CVE-2017-14941,Candidate,"Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.","MISC:https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941",Assigned (20170929),"None (candidate not yet proposed)","" CVE-2017-5498,Candidate,"libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.","BID:95666 | URL:http://www.securityfocus.com/bid/95666 | MISC:https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/",Assigned (20170116),"None (candidate not yet proposed)","" CVE-2017-5499,Candidate,"Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.","BID:95666 | URL:http://www.securityfocus.com/bid/95666 | MISC:https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/ | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20170116),"None (candidate not yet proposed)","" CVE-2017-5500,Candidate,"libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service 
(crash) via vectors involving left shift of a negative value.","BID:95666 | URL:http://www.securityfocus.com/bid/95666 | MISC:https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/",Assigned (20170116),"None (candidate not yet proposed)","" CVE-2017-5501,Candidate,"Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.","BID:95666 | URL:http://www.securityfocus.com/bid/95666 | MISC:https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/",Assigned (20170116),"None (candidate not yet proposed)","" CVE-2017-5502,Candidate,"libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.","BID:95666 | URL:http://www.securityfocus.com/bid/95666 | MISC:https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/",Assigned (20170116),"None (candidate not yet proposed)","" CVE-2017-5503,Candidate,"The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.","BID:95683 | URL:http://www.securityfocus.com/bid/95683 | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c/ | MLIST:[oss-security] 20170116 jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) | URL:http://www.openwall.com/lists/oss-security/2017/01/16/3 | MLIST:[oss-security] 20170117 Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) | URL:http://www.openwall.com/lists/oss-security/2017/01/17/10 | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | 
URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20170116),"None (candidate not yet proposed)","" CVE-2017-5504,Candidate,"The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.","BID:95682 | URL:http://www.securityfocus.com/bid/95682 | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c/ | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20170116),"None (candidate not yet proposed)","" CVE-2017-5505,Candidate,"The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.","BID:95687 | URL:http://www.securityfocus.com/bid/95687 | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas_matrix_asl-jas_seq-c/ | MLIST:[oss-security] 20170116 Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) | URL:http://www.openwall.com/lists/oss-security/2017/01/17/4 | MLIST:[oss-security] 20170116 jasper: invalid memory read in jas_matrix_asl (jas_seq.c) | URL:http://www.openwall.com/lists/oss-security/2017/01/16/5 | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20170116),"None (candidate not yet proposed)","" CVE-2017-5528,Candidate,"Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform 
cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below).","CONFIRM:https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017",Assigned (20170119),"None (candidate not yet proposed)","" CVE-2017-5529,Candidate,"JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).","CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0 | 
MISC:https://www.oracle.com/security-alerts/cpuapr2020.html",Assigned (20170119),"None (candidate not yet proposed)","" CVE-2017-5532,Candidate,"A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below.","BID:101873 | URL:http://www.securityfocus.com/bid/101873 | CONFIRM:https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532",Assigned (20170119),"None (candidate not yet proposed)","" CVE-2017-5533,Candidate,"A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. 
Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.","BID:101878 | URL:http://www.securityfocus.com/bid/101878 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",Assigned (20170119),"None (candidate not yet proposed)","" CVE-2017-6850,Candidate,"The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.","CONFIRM:https://github.com/mdadams/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d | CONFIRM:https://github.com/mdadams/jasper/issues/112 | MISC:https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c/ | UBUNTU:USN-3693-1 | URL:https://usn.ubuntu.com/3693-1/",Assigned (20170312),"None (candidate not yet proposed)","" CVE-2017-6851,Candidate,"The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.","GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://blogs.gentoo.org/ago/2017/01/25/jasper-invalid-memory-read-in-jas_matrix_bindsub-jas_seq-c/ | MISC:https://github.com/mdadams/jasper/issues/113",Assigned (20170312),"None (candidate not yet proposed)","" CVE-2017-6852,Candidate,"Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows 
remote attackers to have unspecified impact via a crafted image.","GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://blogs.gentoo.org/ago/2017/01/25/jasper-heap-based-buffer-overflow-in-jpc_dec_decodepkt-jpc_t2dec-c/ | MISC:https://github.com/mdadams/jasper/issues/114",Assigned (20170312),"None (candidate not yet proposed)","" CVE-2017-9782,Candidate,"JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.","GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://github.com/mdadams/jasper/issues/140 | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20170621),"None (candidate not yet proposed)","" CVE-2018-18808,Candidate,"The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. 
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.","BID:107350 | URL:http://www.securityfocus.com/bid/107350 | CONFIRM:https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18808 | MISC:http://www.tibco.com/services/support/advisories",Assigned (20181029),"None (candidate not yet proposed)","" CVE-2018-18809,Candidate,"The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. 
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.","BID:107351 | URL:http://www.securityfocus.com/bid/107351 | CONFIRM:https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809 | FULLDISC:20190909 CVE-2018-18809 Path traversal in Tibco JasperSoft | URL:http://seclists.org/fulldisclosure/2019/Sep/17 | MISC:http://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html | MISC:http://www.tibco.com/services/support/advisories | MISC:https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html | MISC:https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html",Assigned (20181029),"None (candidate not yet proposed)","" CVE-2018-18815,Candidate,"The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server. 
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.","BID:107346 | URL:http://www.securityfocus.com/bid/107346 | CONFIRM:https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809 | CONFIRM:https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18815 | MISC:http://www.tibco.com/services/support/advisories | MISC:https://www.zerodayinitiative.com/advisories/ZDI-19-305/",Assigned (20181029),"None (candidate not yet proposed)","" CVE-2018-18816,Candidate,"The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. 
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.","BID:107348 | URL:http://www.securityfocus.com/bid/107348 | CONFIRM:https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-2018-18816 | MISC:http://www.tibco.com/services/support/advisories",Assigned (20181029),"None (candidate not yet proposed)","" CVE-2018-18873,Candidate,"An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.","GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://github.com/mdadams/jasper/issues/184 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MLIST:[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20181031),"None (candidate not yet proposed)","" CVE-2018-19139,Candidate,"An issue has been found in JasPer 2.0.14. 
There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.","BID:105956 | URL:http://www.securityfocus.com/bid/105956 | MISC:https://github.com/mdadams/jasper/issues/188 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MLIST:[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20181109),"None (candidate not yet proposed)","" CVE-2018-19539,Candidate,"An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.","MISC:https://github.com/mdadams/jasper/issues/182 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MLIST:[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html | SUSE:openSUSE-SU-2019:1315 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html",Assigned (20181125),"None (candidate not yet proposed)","" CVE-2018-19540,Candidate,"An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. 
There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.","MISC:https://github.com/mdadams/jasper/issues/182 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MLIST:[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html | SUSE:openSUSE-SU-2019:2279 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00025.html | SUSE:openSUSE-SU-2019:2282 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html",Assigned (20181125),"None (candidate not yet proposed)","" CVE-2018-19541,Candidate,"An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.","MISC:https://github.com/mdadams/jasper/issues/182 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MLIST:[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html | SUSE:openSUSE-SU-2019:2279 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00025.html | SUSE:openSUSE-SU-2019:2282 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html",Assigned (20181125),"None (candidate not yet proposed)","" CVE-2018-19542,Candidate,"An issue was discovered in JasPer 2.0.14. 
There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.","MISC:https://github.com/mdadams/jasper/issues/182 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MLIST:[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html | SUSE:openSUSE-SU-2019:1315 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html",Assigned (20181125),"None (candidate not yet proposed)","" CVE-2018-19543,Candidate,"An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.","MISC:https://github.com/mdadams/jasper/issues/182 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20181125),"None (candidate not yet proposed)","" CVE-2018-20570,Candidate,"jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.","MISC:https://github.com/mdadams/jasper/issues/191 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MLIST:[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20181228),"None (candidate not yet proposed)","" CVE-2018-20584,Candidate,"JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.","BID:106356 | 
URL:http://www.securityfocus.com/bid/106356 | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://github.com/mdadams/jasper/issues/192 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MLIST:[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html",Assigned (20181229),"None (candidate not yet proposed)","" CVE-2018-20622,Candidate,"JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when ""--output-format jp2"" is used.","BID:106373 | URL:http://www.securityfocus.com/bid/106373 | MISC:https://github.com/mdadams/jasper/issues/193 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MLIST:[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html | SUSE:openSUSE-SU-2020:1517 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20181231),"None (candidate not yet proposed)","" CVE-2018-5429,Candidate,"A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. 
Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2.","CONFIRM:https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429",Assigned (20180112),"None (candidate not yet proposed)","" CVE-2018-5430,Candidate,"The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. 
Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.","CONFIRM:https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430 | EXPLOIT-DB:44623 | URL:https://www.exploit-db.com/exploits/44623/ | MISC:https://rhinosecuritylabs.com/application-security/authenticated-file-read-vulnerability-in-jasperreports/",Assigned (20180112),"None (candidate not yet proposed)","" CVE-2018-5431,Candidate,"The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. 
Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.","CONFIRM:https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431",Assigned (20180112),"None (candidate not yet proposed)","" CVE-2018-9055,Candidate,"JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.","BID:103577 | URL:http://www.securityfocus.com/bid/103577 | GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://github.com/mdadams/jasper/issues/172 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html",Assigned (20180326),"None (candidate not yet proposed)","" CVE-2018-9154,Candidate,"There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.","GENTOO:GLSA-201908-03 | URL:https://security.gentoo.org/glsa/201908-03 | MISC:https://drive.google.com/drive/u/2/folders/1YuxdfbZrw79kfzoQz0PpxIutZ7pkf_kW | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html",Assigned (20180331),"None (candidate not yet proposed)","" CVE-2018-9252,Candidate,"JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.","MISC:https://github.com/mdadams/jasper/issues/173 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:1517 | 
URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | SUSE:openSUSE-SU-2020:1523 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html",Assigned (20180403),"None (candidate not yet proposed)","" CVE-2019-15799,Candidate,"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.","CONFIRM:https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | MISC:https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | MISC:https://vimeo.com/354726424",Assigned (20190829),"None (candidate not yet proposed)","" CVE-2019-15800,Candidate,"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. 
(Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)","CONFIRM:https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | MISC:https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",Assigned (20190829),"None (candidate not yet proposed)","" CVE-2019-15801,Candidate,"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.","CONFIRM:https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | MISC:https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",Assigned (20190829),"None (candidate not yet proposed)","" CVE-2019-15802,Candidate,"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware.","CONFIRM:https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | MISC:https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",Assigned (20190829),"None (candidate not yet proposed)","" CVE-2019-15803,Candidate,"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. 
Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always returns TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.","CONFIRM:https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | MISC:https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",Assigned (20190829),"None (candidate not yet proposed)","" CVE-2019-15804,Candidate,"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains ""Password recovery for specific user"" options. The menu is believed to be accessible using a serial console.","CONFIRM:https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | MISC:https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",Assigned (20190829),"None (candidate not yet proposed)","" CVE-2019-8986,Candidate,"The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. 
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3.","CONFIRM:https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-8986 | MISC:http://www.tibco.com/services/support/advisories",Assigned (20190221),"None (candidate not yet proposed)","" CVE-2020-27828,Candidate,"There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.","FEDORA:FEDORA-2020-596e40f29c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBZZ2SNTQ4BSA6PNJCTOAKXIAXYNNF6V/ | FEDORA:FEDORA-2020-c549cf2462 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/COBEVDBUO3QTNR6YQBBTIQKNIB6W3MJ2/ | FEDORA:FEDORA-2021-0a6290f865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/ | FEDORA:FEDORA-2021-2b151590d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1905201 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1905201 | MISC:https://github.com/jasper-software/jasper/issues/252 | URL:https://github.com/jasper-software/jasper/issues/252",Assigned (20201027),"None (candidate not yet proposed)","" CVE-2020-9409,Candidate,"The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated 
attacker to obtain the permissions of a JasperReports Server ""superuser"" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.","CONFIRM:http://www.tibco.com/services/support/advisories | URL:http://www.tibco.com/services/support/advisories | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html",Assigned (20200226),"None (candidate not yet proposed)","" CVE-2020-9410,Candidate,"The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can theoretically exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker. 
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions 7.1.1 and below, versions 7.2.0 and 7.2.1, version 7.3.0, version 7.5.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions 7.1.1 and below, TIBCO JasperReports Server: versions 7.1.1 and below, version 7.2.0, version 7.5.0, TIBCO JasperReports Server for AWS Marketplace: versions 7.5.0 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.","CONFIRM:http://www.tibco.com/services/support/advisories | URL:http://www.tibco.com/services/support/advisories | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html",Assigned (20200226),"None (candidate not yet proposed)","" CVE-2021-26926,Candidate,"A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function which may lead to disclosure of information or program crash.","FEDORA:FEDORA-2021-56a49b0bc6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/ | FEDORA:FEDORA-2021-5a34dd3f2d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/ | FEDORA:FEDORA-2021-7f3323a767 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/ | MISC:https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b | URL:https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b | MISC:https://github.com/jasper-software/jasper/issues/264 | URL:https://github.com/jasper-software/jasper/issues/264",Assigned (20210209),"None (candidate not yet proposed)","" CVE-2021-26927,Candidate,"A flaw was found in jasper before 2.0.25. 
A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.","FEDORA:FEDORA-2021-56a49b0bc6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/ | FEDORA:FEDORA-2021-5a34dd3f2d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/ | FEDORA:FEDORA-2021-7f3323a767 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/ | MISC:https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b | URL:https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b | MISC:https://github.com/jasper-software/jasper/issues/265 | URL:https://github.com/jasper-software/jasper/issues/265",Assigned (20210209),"None (candidate not yet proposed)","" CVE-2021-3272,Candidate,"jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.","FEDORA:FEDORA-2021-8ecb3686ca | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD2Y2LT4N5ZWCMKYCUIKB3XODNJLOW3J/ | FEDORA:FEDORA-2021-b1b17185fc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BZFU2F6UW4L2FJE65WJLWGUIELDWCL7/ | MISC:https://github.com/jasper-software/jasper/issues/259",Assigned (20210122),"None (candidate not yet proposed)","" CVE-2021-3443,Candidate,"A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. 
A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1939233 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1939233",Assigned (20210315),"None (candidate not yet proposed)","" CVE-2021-3467,Candidate,"A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.","FEDORA:FEDORA-2021-2213a29364 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWAIUFNIUCGS2IMGGDTWZIUIY7BNLGKF/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1942097 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1942097",Assigned (20210324),"None (candidate not yet proposed)","" CVE-2008-4575,Candidate,"Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to ""a bunch of potential string overflows.""","BID:31770 | URL:http://www.securityfocus.com/bid/31770 | CONFIRM:http://www.sentex.net/~mwandel/jhead/changes.txt | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020 | FEDORA:FEDORA-2008-8928 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html | FEDORA:FEDORA-2008-8941 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html | MLIST:[oss-security] 20081015 Re: CVE request: jhead | URL:http://www.openwall.com/lists/oss-security/2008/10/15/6 | SECUNIA:32363 | URL:http://secunia.com/advisories/32363",Assigned (20081015),"None (candidate not yet proposed)","" CVE-2008-4639,Candidate,"jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a 
temporary file.","CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020 | MLIST:[oss-security] 20081015 CVE request: jhead | URL:http://www.openwall.com/lists/oss-security/2008/10/15/5 | MLIST:[oss-security] 20081015 Re: CVE request: jhead | URL:http://www.openwall.com/lists/oss-security/2008/10/15/6 | MLIST:[oss-security] 20081016 Re: CVE request: jhead | URL:http://www.openwall.com/lists/oss-security/2008/10/16/3 | MLIST:[oss-security] 20090206 Re: CVE request: jhead | URL:http://www.openwall.com/lists/oss-security/2009/02/06/5",Assigned (20081021),"None (candidate not yet proposed)","" CVE-2008-4640,Candidate,"The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final ""z"" character is replaced by a ""t"" character or (2) a final ""t"" character is replaced by a ""z"" character.","BID:32506 | URL:http://www.securityfocus.com/bid/32506 | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020 | MLIST:[oss-security] 20081016 Re: CVE request: jhead | URL:http://www.openwall.com/lists/oss-security/2008/10/16/3 | MLIST:[oss-security] 20081127 Re: CVE request: jhead | URL:http://www.openwall.com/lists/oss-security/2008/11/26/4",Assigned (20081021),"None (candidate not yet proposed)","" CVE-2008-4641,Candidate,"The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.","BID:31921 | URL:http://www.securityfocus.com/bid/31921 | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020 | MLIST:[oss-security] 20081015 CVE request: jhead | URL:http://www.openwall.com/lists/oss-security/2008/10/15/5 | MLIST:[oss-security] 20081015 Re: CVE request: jhead | URL:http://www.openwall.com/lists/oss-security/2008/10/15/6 | MLIST:[oss-security] 20081016 Re: CVE request: jhead | 
URL:http://www.openwall.com/lists/oss-security/2008/10/16/3 | MLIST:[oss-security] 20081127 Re: CVE request: jhead | URL:http://www.openwall.com/lists/oss-security/2008/11/26/4",Assigned (20081021),"None (candidate not yet proposed)","" CVE-2016-3822,Candidate,"exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.","BID:92226 | URL:http://www.securityfocus.com/bid/92226 | CONFIRM:http://source.android.com/security/bulletin/2016-08-01.html | CONFIRM:https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b | DEBIAN:DSA-3825 | URL:http://www.debian.org/security/2017/dsa-3825",Assigned (20160330),"None (candidate not yet proposed)","" CVE-2016-3862,Candidate,"media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469.","CONFIRM:http://source.android.com/security/bulletin/2016-09-01.html | CONFIRM:https://android.googlesource.com/platform/frameworks/base/+/e739d9ca5469ed30129d0fa228e3d0f2878671ac | SECTRACK:1036763 | URL:http://www.securitytracker.com/id/1036763",Assigned (20160330),"None (candidate not yet proposed)","" CVE-2017-0766,Candidate,"A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37776688.","BID:100649 | URL:http://www.securityfocus.com/bid/100649 | CONFIRM:https://source.android.com/security/bulletin/2017-09-01",Assigned (20161129),"None (candidate not yet proposed)","" CVE-2018-16554,Candidate,"The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.","MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908176 | MISC:https://nimo-zhang.github.io/2018/09/07/bug-analysis-1/#more | MLIST:[debian-lts-announce] 20191231 [SECURITY] [DLA 2054-1] jhead security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html",Assigned (20180906),"None (candidate not yet proposed)","" CVE-2018-17088,Candidate,"The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. 
This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.","MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907925 | MLIST:[debian-lts-announce] 20191231 [SECURITY] [DLA 2054-1] jhead security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html",Assigned (20180916),"None (candidate not yet proposed)","" CVE-2018-6612,Candidate,"An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.","CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272 | CONFIRM:https://launchpad.net/ubuntu/+source/jhead/1:3.00-6",Assigned (20180204),"None (candidate not yet proposed)","" CVE-2019-1010301,Candidate,"jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.","CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1838251 | FEDORA:FEDORA-2019-17b95fecd3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WVQTORTGQE56XXC6OVHQCSCUGABRMQZ/ | FEDORA:FEDORA-2019-441c2fb0d1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGUHTJTQ6EKEPDXFSKZKVLUJC4UAPBQ/ | GENTOO:GLSA-202007-17 | URL:https://security.gentoo.org/glsa/202007-17 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1679952 | MISC:https://launchpadlibrarian.net/435112680/32_crash_in_gpsinfo | MLIST:[debian-lts-announce] 20191231 [SECURITY] [DLA 2054-1] jhead security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html",Assigned (20190320),"None (candidate not yet proposed)","" CVE-2019-1010302,Candidate,"jhead 3.03 is affected by: Incorrect Access Control. 
The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.","FEDORA:FEDORA-2019-17b95fecd3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WVQTORTGQE56XXC6OVHQCSCUGABRMQZ/ | FEDORA:FEDORA-2019-441c2fb0d1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGUHTJTQ6EKEPDXFSKZKVLUJC4UAPBQ/ | GENTOO:GLSA-202007-17 | URL:https://security.gentoo.org/glsa/202007-17 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1679978 | MLIST:[debian-lts-announce] 20191231 [SECURITY] [DLA 2054-1] jhead security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html",Assigned (20190320),"None (candidate not yet proposed)","" CVE-2019-19035,Candidate,"jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. 
The attack vector is: Open a specially crafted JPEG file.","FEDORA:FEDORA-2019-7efb86afdc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOL6LCMEVOOB342EJ4TKWTPJAJPJSVWH/ | FEDORA:FEDORA-2019-948e6ebaeb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPNV43VBUCMUBRBKPJBY4DDSYLHQ2GFR/ | GENTOO:GLSA-202007-17 | URL:https://security.gentoo.org/glsa/202007-17 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1765647",Assigned (20191117),"None (candidate not yet proposed)","" CVE-2020-6624,Candidate,"jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.","GENTOO:GLSA-202007-17 | URL:https://security.gentoo.org/glsa/202007-17 | MISC:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744",Assigned (20200109),"None (candidate not yet proposed)","" CVE-2020-6625,Candidate,"jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.","GENTOO:GLSA-202007-17 | URL:https://security.gentoo.org/glsa/202007-17 | MISC:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746",Assigned (20200109),"None (candidate not yet proposed)","" CVE-2004-0803,Candidate,"Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.","BID:11406 | URL:http://www.securityfocus.com/bid/11406 | BUGTRAQ:20041013 CESA-2004-006: libtiff | URL:http://marc.info/?l=bugtraq&m=109778785107450&w=2 | CERT-VN:VU#948752 | URL:http://www.kb.cert.org/vuls/id/948752 | CONECTIVA:CLA-2004:888 | URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 | CONFIRM:http://www.kde.org/info/security/advisory-20041209-2.txt | DEBIAN:DSA-567 | URL:http://www.debian.org/security/2004/dsa-567 | GENTOO:GLSA-200410-11 | 
URL:http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml | MANDRAKE:MDKSA-2004:109 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:109 | MANDRAKE:MDKSA-2005:052 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 | MISC:http://scary.beasts.org/security/CESA-2004-006.txt | OVAL:oval:org.mitre.oval:def:100114 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114 | OVAL:oval:org.mitre.oval:def:8896 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896 | REDHAT:RHSA-2004:577 | URL:http://www.redhat.com/support/errata/RHSA-2004-577.html | REDHAT:RHSA-2005:021 | URL:http://www.redhat.com/support/errata/RHSA-2005-021.html | REDHAT:RHSA-2005:354 | URL:http://www.redhat.com/support/errata/RHSA-2005-354.html | SECUNIA:12818 | URL:http://secunia.com/advisories/12818 | SUNALERT:101677 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 | SUNALERT:201072 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 | SUSE:SUSE-SA:2004:038 | URL:http://www.novell.com/linux/security/advisories/2004_38_libtiff.html | XF:libtiff-library-decoding-bo(17703) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17703",Assigned (20040825),"None (candidate not yet proposed)","" CVE-2004-0804,Candidate,"Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.","CERT-VN:VU#555304 | URL:http://www.kb.cert.org/vuls/id/555304 | CONECTIVA:CLA-2004:888 | URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 | CONFIRM:http://www.kde.org/info/security/advisory-20041209-2.txt | DEBIAN:DSA-567 | URL:http://www.debian.org/security/2004/dsa-567 | MANDRAKE:MDKSA-2004:109 | 
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:109 | MANDRAKE:MDKSA-2005:052 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 | MISC:http://bugzilla.remotesensing.org/show_bug.cgi?id=111 | OVAL:oval:org.mitre.oval:def:100115 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115 | OVAL:oval:org.mitre.oval:def:11711 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711 | REDHAT:RHSA-2004:577 | URL:http://www.redhat.com/support/errata/RHSA-2004-577.html | REDHAT:RHSA-2005:021 | URL:http://www.redhat.com/support/errata/RHSA-2005-021.html | REDHAT:RHSA-2005:354 | URL:http://www.redhat.com/support/errata/RHSA-2005-354.html | SUNALERT:101677 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 | SUNALERT:201072 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 | SUSE:SUSE-SA:2004:038 | URL:http://www.novell.com/linux/security/advisories/2004_38_libtiff.html | XF:libtiff-dos(17755) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17755",Assigned (20040825),"None (candidate not yet proposed)","" CVE-2004-0886,Candidate,"Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.","BID:11406 | URL:http://www.securityfocus.com/bid/11406 | CERT-VN:VU#687568 | URL:http://www.kb.cert.org/vuls/id/687568 | CIAC:P-015 | URL:http://www.ciac.org/ciac/bulletins/p-015.shtml | CONECTIVA:CLA-2004:888 | URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 | CONFIRM:http://www.kde.org/info/security/advisory-20041209-2.txt | DEBIAN:DSA-567 | URL:http://www.debian.org/security/2004/dsa-567 | MANDRAKE:MDKSA-2004:109 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:109 | MANDRAKE:MDKSA-2005:052 | 
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 | OPENPKG:OpenPKG-SA-2004.043 | URL:http://marc.info/?l=bugtraq&m=109779465621929&w=2 | OVAL:oval:org.mitre.oval:def:100116 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116 | OVAL:oval:org.mitre.oval:def:9907 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907 | REDHAT:RHSA-2004:577 | URL:http://www.redhat.com/support/errata/RHSA-2004-577.html | REDHAT:RHSA-2005:021 | URL:http://www.redhat.com/support/errata/RHSA-2005-021.html | REDHAT:RHSA-2005:354 | URL:http://www.redhat.com/support/errata/RHSA-2005-354.html | SECTRACK:1011674 | URL:http://securitytracker.com/id?1011674 | SECUNIA:12818 | URL:http://secunia.com/advisories/12818 | SUNALERT:101677 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 | SUNALERT:201072 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 | SUSE:SUSE-SA:2004:038 | URL:http://www.novell.com/linux/security/advisories/2004_38_libtiff.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | XF:libtiff-bo(17715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17715",Assigned (20040922),"None (candidate not yet proposed)","" CVE-2004-0929,Candidate,"Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.","CERT-VN:VU#129910 | URL:http://www.kb.cert.org/vuls/id/129910 | IDEFENSE:20041022 Novell SuSe Linux LibTIFF Heap Overflow Vulnerability | URL:http://www.idefense.com/application/poi/display?id=154&type=vulnerabilities | SUSE:SUSE-SA:2004:038 | URL:http://www.novell.com/linux/security/advisories/2004_38_libtiff.html | XF:libtiff-ojpegvsetfield-bo(17843) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17843",Assigned 
(20041004),"None (candidate not yet proposed)","" CVE-2004-1183,Candidate,"Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.","BID:12173 | URL:http://www.securityfocus.com/bid/12173 | BUGTRAQ:20050106 [USN-54-1] TIFF library tool vulnerability | URL:http://marc.info/?l=bugtraq&m=110503635113419&w=2 | CONECTIVA:CLA-2005:920 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920 | DEBIAN:DSA-626 | URL:http://www.debian.org/security/2004/dsa-626 | GENTOO:GLSA-200501-06 | URL:http://security.gentoo.org/glsa/glsa-200501-06.xml | MANDRAKE:MDKSA-2005:001 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:001 | MANDRAKE:MDKSA-2005:002 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:002 | MANDRAKE:MDKSA-2005:052 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 | OVAL:oval:org.mitre.oval:def:9743 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9743 | REDHAT:RHSA-2005:019 | URL:http://www.redhat.com/support/errata/RHSA-2005-019.html | REDHAT:RHSA-2005:035 | URL:http://www.redhat.com/support/errata/RHSA-2005-035.html | SECUNIA:13728 | URL:http://secunia.com/advisories/13728/ | SECUNIA:13776 | URL:http://secunia.com/advisories/13776 | SUSE:SUSE-SA:2005:001 | URL:http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html | XF:libtiff-tiffdump-bo(18782) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/18782",Assigned (20041213),"None (candidate not yet proposed)","" CVE-2004-1307,Candidate,"Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer 
overflow.","APPLE:APPLE-SA-2005-05-03 | URL:http://lists.apple.com/archives/security-announce/2005/May/msg00001.html | CERT:TA05-136A | URL:http://www.us-cert.gov/cas/techalerts/TA05-136A.html | CERT-VN:VU#539110 | URL:http://www.kb.cert.org/vuls/id/539110 | IDEFENSE:20041221 libtiff STRIPOFFSETS Integer Overflow Vulnerability | URL:http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true | OVAL:oval:org.mitre.oval:def:11175 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175 | SUNALERT:101677 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 | SUNALERT:201072 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1",Assigned (20041221),"None (candidate not yet proposed)","" CVE-2004-1308,Candidate,"Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.","APPLE:APPLE-SA-2005-05-03 | URL:http://lists.apple.com/archives/security-announce/2005/May/msg00001.html | CERT:TA05-136A | URL:http://www.us-cert.gov/cas/techalerts/TA05-136A.html | CERT-VN:VU#125598 | URL:http://www.kb.cert.org/vuls/id/125598 | CONECTIVA:CLA-2005:920 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920 | DEBIAN:DSA-617 | URL:http://www.debian.org/security/2004/dsa-617 | IDEFENSE:20041221 libtiff Directory Entry Count Integer Overflow Vulnerability | URL:http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities | MANDRAKE:MDKSA-2005:052 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 | OVAL:oval:org.mitre.oval:def:100117 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100117 | OVAL:oval:org.mitre.oval:def:9392 | 
URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9392 | REDHAT:RHSA-2005:019 | URL:http://www.redhat.com/support/errata/RHSA-2005-019.html | REDHAT:RHSA-2005:035 | URL:http://www.redhat.com/support/errata/RHSA-2005-035.html | SECUNIA:13776 | URL:http://secunia.com/advisories/13776 | SUNALERT:101677 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 | SUNALERT:201072 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 | SUSE:SUSE-SA:2005:001 | URL:http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html | XF:libtiff-tiff-tdircount-bo(18637) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/18637",Assigned (20041221),"None (candidate not yet proposed)","" CVE-2005-1544,Candidate,"Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.","BID:13585 | URL:http://www.securityfocus.com/bid/13585 | DEBIAN:DSA-755 | URL:http://www.debian.org/security/2005/dsa-755 | GENTOO:GLSA-200505-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml | MANDRIVA:MDKSA-2006:042 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:042 | MISC:http://bugs.gentoo.org/show_bug.cgi?id=91584 | MISC:http://bugzilla.remotesensing.org/show_bug.cgi?id=843 | OSVDB:16350 | URL:http://www.osvdb.org/16350 | SCO:SCOSA-2005.34 | URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt | SCO:SCOSA-2006.3 | URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt | SECTRACK:1013944 | URL:http://securitytracker.com/id?1013944 | SECUNIA:15320 | URL:http://secunia.com/advisories/15320 | SECUNIA:16872 | URL:http://secunia.com/advisories/16872 | SECUNIA:18289 | URL:http://secunia.com/advisories/18289 | SECUNIA:18943 | URL:http://secunia.com/advisories/18943 | UBUNTU:USN-130-1 | URL:http://www.ubuntu.com/usn/usn-130-1 | 
XF:libtiff-bitspersample-bo(20533) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/20533",Assigned (20050514),"None (candidate not yet proposed)","" CVE-2005-2452,Candidate,"libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero ""YCbCr subsampling"" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.","BID:14417 | URL:http://www.securityfocus.com/bid/14417 | MANDRAKE:MDKSA-2005:142 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:142 | MANDRAKE:MDKSA-2005:143 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:143 | MANDRAKE:MDKSA-2005:144 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:144 | MISC:https://bugzilla.ubuntu.com/show_bug.cgi?id=12008 | SECUNIA:16266 | URL:http://secunia.com/advisories/16266 | SECUNIA:16486 | URL:http://secunia.com/advisories/16486 | UBUNTU:USN-156-1 | URL:https://usn.ubuntu.com/156-1/",Assigned (20050803),"None (candidate not yet proposed)","" CVE-2006-0405,Candidate,"The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.","BID:18172 | URL:http://www.securityfocus.com/bid/18172 | GENTOO:GLSA-200605-17 | URL:http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml | MISC:http://bugzilla.remotesensing.org/show_bug.cgi?id=1029 | MISC:http://bugzilla.remotesensing.org/show_bug.cgi?id=1034 | SECUNIA:18587 | URL:http://secunia.com/advisories/18587 | SECUNIA:20345 | URL:http://secunia.com/advisories/20345 | VUPEN:ADV-2006-0302 | URL:http://www.vupen.com/english/advisories/2006/0302 | XF:libtiff-tiffvsetfield-dos(24275) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24275",Assigned 
(20060125),"None (candidate not yet proposed)","" CVE-2006-2024,Candidate,"Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain ""codec cleanup methods"" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.","BID:17730 | URL:http://www.securityfocus.com/bid/17730 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm | CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933 | DEBIAN:DSA-1054 | URL:http://www.debian.org/security/2006/dsa-1054 | GENTOO:GLSA-200605-17 | URL:http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml | MANDRIVA:MDKSA-2006:082 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:082 | MISC:http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 | OVAL:oval:org.mitre.oval:def:9893 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893 | REDHAT:RHSA-2006:0425 | URL:http://www.redhat.com/support/errata/RHSA-2006-0425.html | SECUNIA:19838 | URL:http://secunia.com/advisories/19838 | SECUNIA:19851 | URL:http://secunia.com/advisories/19851 | SECUNIA:19897 | URL:http://secunia.com/advisories/19897 | SECUNIA:19936 | URL:http://secunia.com/advisories/19936 | SECUNIA:19949 | URL:http://secunia.com/advisories/19949 | SECUNIA:19964 | URL:http://secunia.com/advisories/19964 | SECUNIA:20021 | URL:http://secunia.com/advisories/20021 | SECUNIA:20023 | URL:http://secunia.com/advisories/20023 | SECUNIA:20210 | URL:http://secunia.com/advisories/20210 | SECUNIA:20345 | URL:http://secunia.com/advisories/20345 | SECUNIA:20667 | URL:http://secunia.com/advisories/20667 | SGI:20060501-01-U | 
URL:ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc | SUNALERT:103099 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1 | SUNALERT:201332 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1 | SUSE:SUSE-SR:2006:009 | URL:http://www.novell.com/linux/security/advisories/2006_04_28.html | TRUSTIX:2006-0024 | URL:http://www.trustix.org/errata/2006/0024 | UBUNTU:USN-277-1 | URL:https://usn.ubuntu.com/277-1/ | VUPEN:ADV-2006-1563 | URL:http://www.vupen.com/english/advisories/2006/1563 | XF:libtiff-tifffetchanyarray-dos(26133) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26133",Assigned (20060425),"None (candidate not yet proposed)","" CVE-2006-2025,Candidate,"Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.","BID:17732 | URL:http://www.securityfocus.com/bid/17732 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm | CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933 | DEBIAN:DSA-1054 | URL:http://www.debian.org/security/2006/dsa-1054 | GENTOO:GLSA-200605-17 | URL:http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml | MANDRIVA:MDKSA-2006:082 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:082 | MISC:http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 | OVAL:oval:org.mitre.oval:def:10593 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593 | REDHAT:RHSA-2006:0425 | URL:http://www.redhat.com/support/errata/RHSA-2006-0425.html | SECUNIA:19838 | URL:http://secunia.com/advisories/19838 | SECUNIA:19897 | URL:http://secunia.com/advisories/19897 | SECUNIA:19936 | URL:http://secunia.com/advisories/19936 | SECUNIA:19949 | URL:http://secunia.com/advisories/19949 | SECUNIA:19964 | URL:http://secunia.com/advisories/19964 | SECUNIA:20021 
| URL:http://secunia.com/advisories/20021 | SECUNIA:20023 | URL:http://secunia.com/advisories/20023 | SECUNIA:20210 | URL:http://secunia.com/advisories/20210 | SECUNIA:20345 | URL:http://secunia.com/advisories/20345 | SECUNIA:20667 | URL:http://secunia.com/advisories/20667 | SGI:20060501-01-U | URL:ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc | SUNALERT:103099 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1 | SUNALERT:201332 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1 | SUSE:SUSE-SR:2006:009 | URL:http://www.novell.com/linux/security/advisories/2006_04_28.html | TRUSTIX:2006-0024 | URL:http://www.trustix.org/errata/2006/0024 | UBUNTU:USN-277-1 | URL:https://usn.ubuntu.com/277-1/ | VUPEN:ADV-2006-1563 | URL:http://www.vupen.com/english/advisories/2006/1563 | XF:libtiff-tifffetchdata-overflow(26134) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26134",Assigned (20060425),"None (candidate not yet proposed)","" CVE-2006-2026,Candidate,"Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to ""setfield/getfield methods in cleanup functions.""","BID:17733 | URL:http://www.securityfocus.com/bid/17733 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm | CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933 | DEBIAN:DSA-1054 | URL:http://www.debian.org/security/2006/dsa-1054 | GENTOO:GLSA-200605-17 | URL:http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml | MANDRIVA:MDKSA-2006:082 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:082 | MISC:http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 | OVAL:oval:org.mitre.oval:def:11389 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11389 | REDHAT:RHSA-2006:0425 | 
URL:http://www.redhat.com/support/errata/RHSA-2006-0425.html | SECUNIA:19838 | URL:http://secunia.com/advisories/19838 | SECUNIA:19897 | URL:http://secunia.com/advisories/19897 | SECUNIA:19936 | URL:http://secunia.com/advisories/19936 | SECUNIA:19949 | URL:http://secunia.com/advisories/19949 | SECUNIA:19964 | URL:http://secunia.com/advisories/19964 | SECUNIA:20021 | URL:http://secunia.com/advisories/20021 | SECUNIA:20023 | URL:http://secunia.com/advisories/20023 | SECUNIA:20210 | URL:http://secunia.com/advisories/20210 | SECUNIA:20345 | URL:http://secunia.com/advisories/20345 | SECUNIA:20667 | URL:http://secunia.com/advisories/20667 | SGI:20060501-01-U | URL:ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc | SUNALERT:103099 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1 | SUNALERT:201332 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1 | SUSE:SUSE-SR:2006:009 | URL:http://www.novell.com/linux/security/advisories/2006_04_28.html | TRUSTIX:2006-0024 | URL:http://www.trustix.org/errata/2006/0024 | UBUNTU:USN-277-1 | URL:https://usn.ubuntu.com/277-1/ | VUPEN:ADV-2006-1563 | URL:http://www.vupen.com/english/advisories/2006/1563 | XF:libtiff-tifjpeg-doublefree-memory-corruption(26135) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26135",Assigned (20060425),"None (candidate not yet proposed)","" CVE-2006-2120,Candidate,"The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.","BID:17809 | URL:http://www.securityfocus.com/bid/17809 | CONFIRM:http://bugzilla.remotesensing.org/show_bug.cgi?id=1065 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm | CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974 | DEBIAN:DSA-1078 | URL:http://www.debian.org/security/2006/dsa-1078 | 
MANDRIVA:MDKSA-2006:082 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:082 | OVAL:oval:org.mitre.oval:def:9572 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9572 | REDHAT:RHSA-2006:0425 | URL:http://www.redhat.com/support/errata/RHSA-2006-0425.html | SECUNIA:19936 | URL:http://secunia.com/advisories/19936 | SECUNIA:19949 | URL:http://secunia.com/advisories/19949 | SECUNIA:19964 | URL:http://secunia.com/advisories/19964 | SECUNIA:20023 | URL:http://secunia.com/advisories/20023 | SECUNIA:20210 | URL:http://secunia.com/advisories/20210 | SECUNIA:20330 | URL:http://secunia.com/advisories/20330 | SECUNIA:20667 | URL:http://secunia.com/advisories/20667 | SGI:20060501-01-U | URL:ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc | TRUSTIX:2006-0024 | URL:http://www.trustix.org/errata/2006/0024 | UBUNTU:USN-277-1 | URL:https://usn.ubuntu.com/277-1/",Assigned (20060501),"None (candidate not yet proposed)","" CVE-2006-2193,Candidate,"Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.","BID:18331 | URL:http://www.securityfocus.com/bid/18331 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355 | CONFIRM:http://bugzilla.remotesensing.org/show_bug.cgi?id=1196 | DEBIAN:DSA-1091 | URL:http://www.debian.org/security/2006/dsa-1091 | GENTOO:GLSA-200607-03 | URL:http://security.gentoo.org/glsa/glsa-200607-03.xml | MANDRIVA:MDKSA-2006:102 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:102 | OVAL:oval:org.mitre.oval:def:9788 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788 | 
REDHAT:RHSA-2008:0848 | URL:http://www.redhat.com/support/errata/RHSA-2008-0848.html | SECUNIA:20488 | URL:http://secunia.com/advisories/20488 | SECUNIA:20501 | URL:http://secunia.com/advisories/20501 | SECUNIA:20520 | URL:http://secunia.com/advisories/20520 | SECUNIA:20693 | URL:http://secunia.com/advisories/20693 | SECUNIA:20766 | URL:http://secunia.com/advisories/20766 | SECUNIA:21002 | URL:http://secunia.com/advisories/21002 | SECUNIA:27181 | URL:http://secunia.com/advisories/27181 | SECUNIA:27222 | URL:http://secunia.com/advisories/27222 | SECUNIA:27832 | URL:http://secunia.com/advisories/27832 | SECUNIA:31670 | URL:http://secunia.com/advisories/31670 | SUNALERT:103160 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 | SUNALERT:201331 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 | SUSE:SUSE-SR:2006:014 | URL:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html | UBUNTU:USN-289-1 | URL:https://usn.ubuntu.com/289-1/ | VUPEN:ADV-2006-2197 | URL:http://www.vupen.com/english/advisories/2006/2197 | VUPEN:ADV-2007-3486 | URL:http://www.vupen.com/english/advisories/2007/3486 | VUPEN:ADV-2007-4034 | URL:http://www.vupen.com/english/advisories/2007/4034 | XF:libtiff-tiff2pdf-bo(26991) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26991",Assigned (20060504),"None (candidate not yet proposed)","" CVE-2006-2656,Candidate,"Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. 
If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.","DEBIAN:DSA-1091 | URL:http://www.debian.org/security/2006/dsa-1091 | FEDORA:FEDORA-2006-591 | URL:https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00127.html | GENTOO:GLSA-200607-03 | URL:http://security.gentoo.org/glsa/glsa-200607-03.xml | MANDRIVA:MDKSA-2006:095 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:095 | SECUNIA:20501 | URL:http://secunia.com/advisories/20501 | SECUNIA:20520 | URL:http://secunia.com/advisories/20520 | SECUNIA:20766 | URL:http://secunia.com/advisories/20766 | SECUNIA:21002 | URL:http://secunia.com/advisories/21002 | SUSE:SUSE-SR:2006:014 | URL:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html | UBUNTU:USN-289-1 | URL:https://usn.ubuntu.com/289-1/ | VULN-DEV:20060524 tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow... | URL:http://marc.info/?l=vuln-dev&m=114857412916909&w=2",Assigned (20060530),"None (candidate not yet proposed)","" CVE-2006-3459,Candidate,"Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.","APPLE:APPLE-SA-2006-08-01 | URL:http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html | BID:19283 | URL:http://www.securityfocus.com/bid/19283 | BID:19289 | URL:http://www.securityfocus.com/bid/19289 | CERT:TA06-214A | URL:http://www.us-cert.gov/cas/techalerts/TA06-214A.html | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm | CONFIRM:https://issues.rpath.com/browse/RPL-558 | DEBIAN:DSA-1137 | URL:http://www.debian.org/security/2006/dsa-1137 | GENTOO:GLSA-200608-07 | 
URL:http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml | MANDRIVA:MDKSA-2006:136 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:136 | MANDRIVA:MDKSA-2006:137 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 | MISC:http://secunia.com/blog/76 | OSVDB:27723 | URL:http://www.osvdb.org/27723 | OVAL:oval:org.mitre.oval:def:11497 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497 | REDHAT:RHSA-2006:0603 | URL:http://www.redhat.com/support/errata/RHSA-2006-0603.html | REDHAT:RHSA-2006:0648 | URL:http://www.redhat.com/support/errata/RHSA-2006-0648.html | SECTRACK:1016628 | URL:http://securitytracker.com/id?1016628 | SECTRACK:1016671 | URL:http://securitytracker.com/id?1016671 | SECUNIA:21253 | URL:http://secunia.com/advisories/21253 | SECUNIA:21274 | URL:http://secunia.com/advisories/21274 | SECUNIA:21290 | URL:http://secunia.com/advisories/21290 | SECUNIA:21304 | URL:http://secunia.com/advisories/21304 | SECUNIA:21319 | URL:http://secunia.com/advisories/21319 | SECUNIA:21334 | URL:http://secunia.com/advisories/21334 | SECUNIA:21338 | URL:http://secunia.com/advisories/21338 | SECUNIA:21346 | URL:http://secunia.com/advisories/21346 | SECUNIA:21370 | URL:http://secunia.com/advisories/21370 | SECUNIA:21392 | URL:http://secunia.com/advisories/21392 | SECUNIA:21501 | URL:http://secunia.com/advisories/21501 | SECUNIA:21537 | URL:http://secunia.com/advisories/21537 | SECUNIA:21598 | URL:http://secunia.com/advisories/21598 | SECUNIA:21632 | URL:http://secunia.com/advisories/21632 | SECUNIA:22036 | URL:http://secunia.com/advisories/22036 | SECUNIA:27181 | URL:http://secunia.com/advisories/27181 | SECUNIA:27222 | URL:http://secunia.com/advisories/27222 | SECUNIA:27832 | URL:http://secunia.com/advisories/27832 | SGI:20060801-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P | SGI:20060901-01-P | 
URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc | SLACKWARE:SSA:2006-230-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 | SUNALERT:103160 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 | SUNALERT:201331 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 | SUSE:SUSE-SA:2006:044 | URL:http://www.novell.com/linux/security/advisories/2006_44_libtiff.html | TRUSTIX:2006-0044 | URL:http://lwn.net/Alerts/194228/ | UBUNTU:USN-330-1 | URL:http://www.ubuntu.com/usn/usn-330-1 | VUPEN:ADV-2006-3101 | URL:http://www.vupen.com/english/advisories/2006/3101 | VUPEN:ADV-2006-3105 | URL:http://www.vupen.com/english/advisories/2006/3105 | VUPEN:ADV-2007-3486 | URL:http://www.vupen.com/english/advisories/2007/3486 | VUPEN:ADV-2007-4034 | URL:http://www.vupen.com/english/advisories/2007/4034",Assigned (20060710),"None (candidate not yet proposed)","" CVE-2006-3460,Candidate,"Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).","BID:19288 | URL:http://www.securityfocus.com/bid/19288 | BID:19289 | URL:http://www.securityfocus.com/bid/19289 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm | CONFIRM:https://issues.rpath.com/browse/RPL-558 | DEBIAN:DSA-1137 | URL:http://www.debian.org/security/2006/dsa-1137 | GENTOO:GLSA-200608-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml | MANDRIVA:MDKSA-2006:136 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:136 | MANDRIVA:MDKSA-2006:137 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 | OVAL:oval:org.mitre.oval:def:11265 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265 | 
REDHAT:RHSA-2006:0603 | URL:http://www.redhat.com/support/errata/RHSA-2006-0603.html | REDHAT:RHSA-2006:0648 | URL:http://www.redhat.com/support/errata/RHSA-2006-0648.html | SECTRACK:1016628 | URL:http://securitytracker.com/id?1016628 | SECUNIA:21274 | URL:http://secunia.com/advisories/21274 | SECUNIA:21290 | URL:http://secunia.com/advisories/21290 | SECUNIA:21304 | URL:http://secunia.com/advisories/21304 | SECUNIA:21319 | URL:http://secunia.com/advisories/21319 | SECUNIA:21334 | URL:http://secunia.com/advisories/21334 | SECUNIA:21338 | URL:http://secunia.com/advisories/21338 | SECUNIA:21346 | URL:http://secunia.com/advisories/21346 | SECUNIA:21370 | URL:http://secunia.com/advisories/21370 | SECUNIA:21392 | URL:http://secunia.com/advisories/21392 | SECUNIA:21501 | URL:http://secunia.com/advisories/21501 | SECUNIA:21537 | URL:http://secunia.com/advisories/21537 | SECUNIA:21598 | URL:http://secunia.com/advisories/21598 | SECUNIA:21632 | URL:http://secunia.com/advisories/21632 | SECUNIA:22036 | URL:http://secunia.com/advisories/22036 | SECUNIA:27181 | URL:http://secunia.com/advisories/27181 | SECUNIA:27222 | URL:http://secunia.com/advisories/27222 | SECUNIA:27832 | URL:http://secunia.com/advisories/27832 | SGI:20060801-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P | SGI:20060901-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc | SLACKWARE:SSA:2006-230-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 | SUNALERT:103160 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 | SUNALERT:201331 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 | SUSE:SUSE-SA:2006:044 | URL:http://www.novell.com/linux/security/advisories/2006_44_libtiff.html | TRUSTIX:2006-0044 | URL:http://lwn.net/Alerts/194228/ | UBUNTU:USN-330-1 | URL:http://www.ubuntu.com/usn/usn-330-1 | VUPEN:ADV-2006-3101 | 
URL:http://www.vupen.com/english/advisories/2006/3101 | VUPEN:ADV-2006-3105 | URL:http://www.vupen.com/english/advisories/2006/3105 | VUPEN:ADV-2007-3486 | URL:http://www.vupen.com/english/advisories/2007/3486 | VUPEN:ADV-2007-4034 | URL:http://www.vupen.com/english/advisories/2007/4034",Assigned (20060710),"None (candidate not yet proposed)","" CVE-2006-3461,Candidate,"Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.","APPLE:APPLE-SA-2006-08-01 | URL:http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html | BID:19289 | URL:http://www.securityfocus.com/bid/19289 | BID:19290 | URL:http://www.securityfocus.com/bid/19290 | CERT:TA06-214A | URL:http://www.us-cert.gov/cas/techalerts/TA06-214A.html | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm | CONFIRM:https://issues.rpath.com/browse/RPL-558 | DEBIAN:DSA-1137 | URL:http://www.debian.org/security/2006/dsa-1137 | GENTOO:GLSA-200608-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml | MANDRIVA:MDKSA-2006:137 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 | OSVDB:27725 | URL:http://www.osvdb.org/27725 | OVAL:oval:org.mitre.oval:def:9910 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910 | REDHAT:RHSA-2006:0603 | URL:http://www.redhat.com/support/errata/RHSA-2006-0603.html | REDHAT:RHSA-2006:0648 | URL:http://www.redhat.com/support/errata/RHSA-2006-0648.html | SECTRACK:1016628 | URL:http://securitytracker.com/id?1016628 | SECTRACK:1016671 | URL:http://securitytracker.com/id?1016671 | SECUNIA:21253 | URL:http://secunia.com/advisories/21253 | SECUNIA:21274 | URL:http://secunia.com/advisories/21274 | SECUNIA:21290 | URL:http://secunia.com/advisories/21290 | SECUNIA:21304 | URL:http://secunia.com/advisories/21304 | SECUNIA:21319 | URL:http://secunia.com/advisories/21319 | 
SECUNIA:21334 | URL:http://secunia.com/advisories/21334 | SECUNIA:21338 | URL:http://secunia.com/advisories/21338 | SECUNIA:21346 | URL:http://secunia.com/advisories/21346 | SECUNIA:21370 | URL:http://secunia.com/advisories/21370 | SECUNIA:21392 | URL:http://secunia.com/advisories/21392 | SECUNIA:21501 | URL:http://secunia.com/advisories/21501 | SECUNIA:21537 | URL:http://secunia.com/advisories/21537 | SECUNIA:21598 | URL:http://secunia.com/advisories/21598 | SECUNIA:21632 | URL:http://secunia.com/advisories/21632 | SECUNIA:22036 | URL:http://secunia.com/advisories/22036 | SECUNIA:27181 | URL:http://secunia.com/advisories/27181 | SECUNIA:27222 | URL:http://secunia.com/advisories/27222 | SECUNIA:27832 | URL:http://secunia.com/advisories/27832 | SGI:20060801-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P | SGI:20060901-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc | SLACKWARE:SSA:2006-230-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 | SUNALERT:103160 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 | SUNALERT:201331 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 | SUSE:SUSE-SA:2006:044 | URL:http://www.novell.com/linux/security/advisories/2006_44_libtiff.html | TRUSTIX:2006-0044 | URL:http://lwn.net/Alerts/194228/ | UBUNTU:USN-330-1 | URL:http://www.ubuntu.com/usn/usn-330-1 | VUPEN:ADV-2006-3101 | URL:http://www.vupen.com/english/advisories/2006/3101 | VUPEN:ADV-2006-3105 | URL:http://www.vupen.com/english/advisories/2006/3105 | VUPEN:ADV-2007-3486 | URL:http://www.vupen.com/english/advisories/2007/3486 | VUPEN:ADV-2007-4034 | URL:http://www.vupen.com/english/advisories/2007/4034",Assigned (20060710),"None (candidate not yet proposed)","" CVE-2006-3462,Candidate,"Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent 
attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.","APPLE:APPLE-SA-2006-08-01 | URL:http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html | BID:19282 | URL:http://www.securityfocus.com/bid/19282 | BID:19289 | URL:http://www.securityfocus.com/bid/19289 | CERT:TA06-214A | URL:http://www.us-cert.gov/cas/techalerts/TA06-214A.html | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm | CONFIRM:https://issues.rpath.com/browse/RPL-558 | DEBIAN:DSA-1137 | URL:http://www.debian.org/security/2006/dsa-1137 | GENTOO:GLSA-200608-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml | MANDRIVA:MDKSA-2006:136 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:136 | MANDRIVA:MDKSA-2006:137 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 | MISC:http://docs.info.apple.com/article.html?artnum=304063 | OSVDB:27726 | URL:http://www.osvdb.org/27726 | OVAL:oval:org.mitre.oval:def:11301 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301 | REDHAT:RHSA-2006:0603 | URL:http://www.redhat.com/support/errata/RHSA-2006-0603.html | REDHAT:RHSA-2006:0648 | URL:http://www.redhat.com/support/errata/RHSA-2006-0648.html | SECTRACK:1016628 | URL:http://securitytracker.com/id?1016628 | SECTRACK:1016671 | URL:http://securitytracker.com/id?1016671 | SECUNIA:21253 | URL:http://secunia.com/advisories/21253 | SECUNIA:21274 | URL:http://secunia.com/advisories/21274 | SECUNIA:21290 | URL:http://secunia.com/advisories/21290 | SECUNIA:21304 | URL:http://secunia.com/advisories/21304 | SECUNIA:21319 | URL:http://secunia.com/advisories/21319 | SECUNIA:21334 | URL:http://secunia.com/advisories/21334 | SECUNIA:21338 | URL:http://secunia.com/advisories/21338 | SECUNIA:21346 | URL:http://secunia.com/advisories/21346 | SECUNIA:21370 | URL:http://secunia.com/advisories/21370 | SECUNIA:21392 | URL:http://secunia.com/advisories/21392 | 
SECUNIA:21501 | URL:http://secunia.com/advisories/21501 | SECUNIA:21537 | URL:http://secunia.com/advisories/21537 | SECUNIA:21598 | URL:http://secunia.com/advisories/21598 | SECUNIA:21632 | URL:http://secunia.com/advisories/21632 | SECUNIA:22036 | URL:http://secunia.com/advisories/22036 | SECUNIA:27181 | URL:http://secunia.com/advisories/27181 | SECUNIA:27222 | URL:http://secunia.com/advisories/27222 | SECUNIA:27832 | URL:http://secunia.com/advisories/27832 | SGI:20060801-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P | SGI:20060901-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc | SLACKWARE:SSA:2006-230-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 | SUNALERT:103160 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 | SUNALERT:201331 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 | SUSE:SUSE-SA:2006:044 | URL:http://www.novell.com/linux/security/advisories/2006_44_libtiff.html | TRUSTIX:2006-0044 | URL:http://lwn.net/Alerts/194228/ | UBUNTU:USN-330-1 | URL:http://www.ubuntu.com/usn/usn-330-1 | VUPEN:ADV-2006-3101 | URL:http://www.vupen.com/english/advisories/2006/3101 | VUPEN:ADV-2006-3105 | URL:http://www.vupen.com/english/advisories/2006/3105 | VUPEN:ADV-2007-3486 | URL:http://www.vupen.com/english/advisories/2007/3486 | VUPEN:ADV-2007-4034 | URL:http://www.vupen.com/english/advisories/2007/4034",Assigned (20060710),"None (candidate not yet proposed)","" CVE-2006-3463,Candidate,"The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.","BID:19284 | URL:http://www.securityfocus.com/bid/19284 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm | 
CONFIRM:https://issues.rpath.com/browse/RPL-558 | DEBIAN:DSA-1137 | URL:http://www.debian.org/security/2006/dsa-1137 | GENTOO:GLSA-200608-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml | MANDRIVA:MDKSA-2006:136 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:136 | MANDRIVA:MDKSA-2006:137 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 | OVAL:oval:org.mitre.oval:def:10639 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639 | REDHAT:RHSA-2006:0603 | URL:http://www.redhat.com/support/errata/RHSA-2006-0603.html | REDHAT:RHSA-2006:0648 | URL:http://www.redhat.com/support/errata/RHSA-2006-0648.html | SECTRACK:1016628 | URL:http://securitytracker.com/id?1016628 | SECUNIA:21274 | URL:http://secunia.com/advisories/21274 | SECUNIA:21290 | URL:http://secunia.com/advisories/21290 | SECUNIA:21304 | URL:http://secunia.com/advisories/21304 | SECUNIA:21319 | URL:http://secunia.com/advisories/21319 | SECUNIA:21334 | URL:http://secunia.com/advisories/21334 | SECUNIA:21338 | URL:http://secunia.com/advisories/21338 | SECUNIA:21346 | URL:http://secunia.com/advisories/21346 | SECUNIA:21370 | URL:http://secunia.com/advisories/21370 | SECUNIA:21392 | URL:http://secunia.com/advisories/21392 | SECUNIA:21501 | URL:http://secunia.com/advisories/21501 | SECUNIA:21537 | URL:http://secunia.com/advisories/21537 | SECUNIA:21598 | URL:http://secunia.com/advisories/21598 | SECUNIA:21632 | URL:http://secunia.com/advisories/21632 | SECUNIA:22036 | URL:http://secunia.com/advisories/22036 | SECUNIA:27181 | URL:http://secunia.com/advisories/27181 | SECUNIA:27222 | URL:http://secunia.com/advisories/27222 | SECUNIA:27832 | URL:http://secunia.com/advisories/27832 | SGI:20060801-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P | SGI:20060901-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc | SLACKWARE:SSA:2006-230-01 | 
URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 | SUNALERT:103160 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 | SUNALERT:201331 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 | SUSE:SUSE-SA:2006:044 | URL:http://www.novell.com/linux/security/advisories/2006_44_libtiff.html | TRUSTIX:2006-0044 | URL:http://lwn.net/Alerts/194228/ | UBUNTU:USN-330-1 | URL:http://www.ubuntu.com/usn/usn-330-1 | VUPEN:ADV-2006-3105 | URL:http://www.vupen.com/english/advisories/2006/3105 | VUPEN:ADV-2007-3486 | URL:http://www.vupen.com/english/advisories/2007/3486 | VUPEN:ADV-2007-4034 | URL:http://www.vupen.com/english/advisories/2007/4034",Assigned (20060710),"None (candidate not yet proposed)","" CVE-2006-3464,Candidate,"TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving ""unchecked arithmetic operations"".","BID:19286 | URL:http://www.securityfocus.com/bid/19286 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm | CONFIRM:https://issues.rpath.com/browse/RPL-558 | DEBIAN:DSA-1137 | URL:http://www.debian.org/security/2006/dsa-1137 | GENTOO:GLSA-200608-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml | MANDRIVA:MDKSA-2006:136 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:136 | MANDRIVA:MDKSA-2006:137 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 | OVAL:oval:org.mitre.oval:def:10916 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916 | REDHAT:RHSA-2006:0603 | URL:http://www.redhat.com/support/errata/RHSA-2006-0603.html | REDHAT:RHSA-2006:0648 | URL:http://www.redhat.com/support/errata/RHSA-2006-0648.html | SECTRACK:1016628 | 
URL:http://securitytracker.com/id?1016628 | SECUNIA:21274 | URL:http://secunia.com/advisories/21274 | SECUNIA:21290 | URL:http://secunia.com/advisories/21290 | SECUNIA:21304 | URL:http://secunia.com/advisories/21304 | SECUNIA:21319 | URL:http://secunia.com/advisories/21319 | SECUNIA:21334 | URL:http://secunia.com/advisories/21334 | SECUNIA:21338 | URL:http://secunia.com/advisories/21338 | SECUNIA:21346 | URL:http://secunia.com/advisories/21346 | SECUNIA:21370 | URL:http://secunia.com/advisories/21370 | SECUNIA:21392 | URL:http://secunia.com/advisories/21392 | SECUNIA:21501 | URL:http://secunia.com/advisories/21501 | SECUNIA:21537 | URL:http://secunia.com/advisories/21537 | SECUNIA:21598 | URL:http://secunia.com/advisories/21598 | SECUNIA:21632 | URL:http://secunia.com/advisories/21632 | SECUNIA:22036 | URL:http://secunia.com/advisories/22036 | SECUNIA:27832 | URL:http://secunia.com/advisories/27832 | SGI:20060801-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P | SGI:20060901-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc | SLACKWARE:SSA:2006-230-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 | SUNALERT:103160 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 | SUNALERT:201331 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 | SUSE:SUSE-SA:2006:044 | URL:http://www.novell.com/linux/security/advisories/2006_44_libtiff.html | TRUSTIX:2006-0044 | URL:http://lwn.net/Alerts/194228/ | UBUNTU:USN-330-1 | URL:http://www.ubuntu.com/usn/usn-330-1 | VUPEN:ADV-2006-3105 | URL:http://www.vupen.com/english/advisories/2006/3105 | VUPEN:ADV-2007-4034 | URL:http://www.vupen.com/english/advisories/2007/4034",Assigned (20060710),"None (candidate not yet proposed)","" CVE-2006-3465,Candidate,"Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to 
cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.","APPLE:APPLE-SA-2006-08-01 | URL:http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html | BID:19287 | URL:http://www.securityfocus.com/bid/19287 | BID:19289 | URL:http://www.securityfocus.com/bid/19289 | CERT:TA06-214A | URL:http://www.us-cert.gov/cas/techalerts/TA06-214A.html | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm | CONFIRM:https://issues.rpath.com/browse/RPL-558 | DEBIAN:DSA-1137 | URL:http://www.debian.org/security/2006/dsa-1137 | GENTOO:GLSA-200608-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml | MANDRIVA:MDKSA-2006:137 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 | MISC:http://docs.info.apple.com/article.html?artnum=304063 | OSVDB:27729 | URL:http://www.osvdb.org/27729 | OVAL:oval:org.mitre.oval:def:9067 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067 | REDHAT:RHSA-2006:0603 | URL:http://www.redhat.com/support/errata/RHSA-2006-0603.html | REDHAT:RHSA-2006:0648 | URL:http://www.redhat.com/support/errata/RHSA-2006-0648.html | SECTRACK:1016628 | URL:http://securitytracker.com/id?1016628 | SECTRACK:1016671 | URL:http://securitytracker.com/id?1016671 | SECUNIA:21253 | URL:http://secunia.com/advisories/21253 | SECUNIA:21274 | URL:http://secunia.com/advisories/21274 | SECUNIA:21290 | URL:http://secunia.com/advisories/21290 | SECUNIA:21304 | URL:http://secunia.com/advisories/21304 | SECUNIA:21319 | URL:http://secunia.com/advisories/21319 | SECUNIA:21334 | URL:http://secunia.com/advisories/21334 | SECUNIA:21338 | URL:http://secunia.com/advisories/21338 | SECUNIA:21346 | URL:http://secunia.com/advisories/21346 | SECUNIA:21370 | URL:http://secunia.com/advisories/21370 | SECUNIA:21392 | URL:http://secunia.com/advisories/21392 | SECUNIA:21501 | URL:http://secunia.com/advisories/21501 | SECUNIA:21537 | 
URL:http://secunia.com/advisories/21537 | SECUNIA:21598 | URL:http://secunia.com/advisories/21598 | SECUNIA:21632 | URL:http://secunia.com/advisories/21632 | SECUNIA:22036 | URL:http://secunia.com/advisories/22036 | SECUNIA:27832 | URL:http://secunia.com/advisories/27832 | SGI:20060801-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P | SGI:20060901-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc | SLACKWARE:SSA:2006-230-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 | SUNALERT:103160 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 | SUNALERT:201331 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 | SUSE:SUSE-SA:2006:044 | URL:http://www.novell.com/linux/security/advisories/2006_44_libtiff.html | TRUSTIX:2006-0044 | URL:http://lwn.net/Alerts/194228/ | UBUNTU:USN-330-1 | URL:http://www.ubuntu.com/usn/usn-330-1 | VUPEN:ADV-2006-3101 | URL:http://www.vupen.com/english/advisories/2006/3101 | VUPEN:ADV-2006-3105 | URL:http://www.vupen.com/english/advisories/2006/3105 | VUPEN:ADV-2007-4034 | URL:http://www.vupen.com/english/advisories/2007/4034",Assigned (20060710),"None (candidate not yet proposed)","" CVE-2006-4507,Candidate,"Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlayStation Portable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. 
NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465.","MISC:http://noobz.eu/content/home.html#280806 | SECUNIA:21672 | URL:http://secunia.com/advisories/21672 | VUPEN:ADV-2006-3419 | URL:http://www.vupen.com/english/advisories/2006/3419 | XF:sonypsp-tiff-code-execution(28689) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/28689",Assigned (20060831),"None (candidate not yet proposed)","" CVE-2008-0960,Candidate,"SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.","APPLE:APPLE-SA-2008-06-30 | URL:http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html | BID:29623 | URL:http://www.securityfocus.com/bid/29623 | BUGTRAQ:20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing | URL:http://www.securityfocus.com/archive/1/493218/100/0/threaded | BUGTRAQ:20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff | URL:http://www.securityfocus.com/archive/1/497962/100/0/threaded | CERT:TA08-162A | URL:http://www.us-cert.gov/cas/techalerts/TA08-162A.html | CERT-VN:VU#878044 | URL:http://www.kb.cert.org/vuls/id/878044 | CISCO:20080610 SNMP Version 3 Authentication Vulnerabilities | URL:http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml | 
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=833770 | CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380 | CONFIRM:http://support.apple.com/kb/HT2163 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm | CONFIRM:http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q | CONFIRM:http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z | CONFIRM:http://www.kb.cert.org/vuls/id/MIMG-7ETS87 | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0013.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=447974 | DEBIAN:DSA-1663 | URL:http://www.debian.org/security/2008/dsa-1663 | EXPLOIT-DB:5790 | URL:https://www.exploit-db.com/exploits/5790 | FEDORA:FEDORA-2008-5215 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html | FEDORA:FEDORA-2008-5218 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html | FEDORA:FEDORA-2008-5224 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html | GENTOO:GLSA-200808-02 | URL:http://security.gentoo.org/glsa/glsa-200808-02.xml | HP:HPSBMA02439 | URL:http://marc.info/?l=bugtraq&m=127730470825399&w=2 | HP:SSRT080082 | URL:http://marc.info/?l=bugtraq&m=127730470825399&w=2 | MANDRIVA:MDVSA-2008:118 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:118 | MISC:http://www.ocert.org/advisories/ocert-2008-006.html | MISC:http://www.vmware.com/security/advisories/VMSA-2008-0017.html | MLIST:[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing | URL:http://www.openwall.com/lists/oss-security/2008/06/09/1 | MLIST:[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability | URL:http://lists.ingate.com/pipermail/productinfo/2008/000021.html | OVAL:oval:org.mitre.oval:def:10820 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820 | OVAL:oval:org.mitre.oval:def:5785 | 
URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785 | OVAL:oval:org.mitre.oval:def:6414 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414 | REDHAT:RHSA-2008:0528 | URL:http://rhn.redhat.com/errata/RHSA-2008-0528.html | REDHAT:RHSA-2008:0529 | URL:http://www.redhat.com/support/errata/RHSA-2008-0529.html | SECTRACK:1020218 | URL:http://www.securitytracker.com/id?1020218 | SECUNIA:30574 | URL:http://secunia.com/advisories/30574 | SECUNIA:30596 | URL:http://secunia.com/advisories/30596 | SECUNIA:30612 | URL:http://secunia.com/advisories/30612 | SECUNIA:30615 | URL:http://secunia.com/advisories/30615 | SECUNIA:30626 | URL:http://secunia.com/advisories/30626 | SECUNIA:30647 | URL:http://secunia.com/advisories/30647 | SECUNIA:30648 | URL:http://secunia.com/advisories/30648 | SECUNIA:30665 | URL:http://secunia.com/advisories/30665 | SECUNIA:30802 | URL:http://secunia.com/advisories/30802 | SECUNIA:31334 | URL:http://secunia.com/advisories/31334 | SECUNIA:31351 | URL:http://secunia.com/advisories/31351 | SECUNIA:31467 | URL:http://secunia.com/advisories/31467 | SECUNIA:31568 | URL:http://secunia.com/advisories/31568 | SECUNIA:32664 | URL:http://secunia.com/advisories/32664 | SECUNIA:33003 | URL:http://secunia.com/advisories/33003 | SECUNIA:35463 | URL:http://secunia.com/advisories/35463 | SREASON:3933 | URL:http://securityreason.com/securityalert/3933 | SUNALERT:238865 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1 | SUSE:SUSE-SA:2008:039 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html | UBUNTU:USN-685-1 | URL:http://www.ubuntu.com/usn/usn-685-1 | VUPEN:ADV-2008-1787 | URL:http://www.vupen.com/english/advisories/2008/1787/references | VUPEN:ADV-2008-1788 | URL:http://www.vupen.com/english/advisories/2008/1788/references | VUPEN:ADV-2008-1797 | URL:http://www.vupen.com/english/advisories/2008/1797/references | 
VUPEN:ADV-2008-1800 | URL:http://www.vupen.com/english/advisories/2008/1800/references | VUPEN:ADV-2008-1801 | URL:http://www.vupen.com/english/advisories/2008/1801/references | VUPEN:ADV-2008-1836 | URL:http://www.vupen.com/english/advisories/2008/1836/references | VUPEN:ADV-2008-1981 | URL:http://www.vupen.com/english/advisories/2008/1981/references | VUPEN:ADV-2008-2361 | URL:http://www.vupen.com/english/advisories/2008/2361 | VUPEN:ADV-2008-2971 | URL:http://www.vupen.com/english/advisories/2008/2971 | VUPEN:ADV-2009-1612 | URL:http://www.vupen.com/english/advisories/2009/1612",Assigned (20080225),"None (candidate not yet proposed)","" CVE-2008-2327,Candidate,"Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.","APPLE:APPLE-SA-2008-09-15 | URL:http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html | APPLE:APPLE-SA-2008-11-13 | URL:http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html | APPLE:APPLE-SA-2008-11-20 | URL:http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html | BID:30832 | URL:http://www.securityfocus.com/bid/30832 | BUGTRAQ:20080905 rPSA-2008-0268-1 libtiff | URL:http://www.securityfocus.com/archive/1/496033/100/0/threaded | BUGTRAQ:20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff | URL:http://www.securityfocus.com/archive/1/497962/100/0/threaded | CERT:TA08-260A | URL:http://www.us-cert.gov/cas/techalerts/TA08-260A.html | CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=234080 | CONFIRM:http://security-tracker.debian.net/tracker/CVE-2008-2327 | CONFIRM:http://security-tracker.debian.net/tracker/DSA-1632-1 | CONFIRM:http://security-tracker.debian.net/tracker/DTSA-160-1 | CONFIRM:http://support.apple.com/kb/HT3276 | 
CONFIRM:http://support.apple.com/kb/HT3298 | CONFIRM:http://support.apple.com/kb/HT3318 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=458674 | DEBIAN:DSA-1632 | URL:http://www.debian.org/security/2008/dsa-1632 | FEDORA:FEDORA-2008-7370 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html | FEDORA:FEDORA-2008-7388 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html | GENTOO:GLSA-200809-07 | URL:http://security.gentoo.org/glsa/glsa-200809-07.xml | MANDRIVA:MDVSA-2008:184 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:184 | MISC:http://www.vmware.com/security/advisories/VMSA-2008-0017.html | OVAL:oval:org.mitre.oval:def:11489 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489 | OVAL:oval:org.mitre.oval:def:5514 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514 | REDHAT:RHSA-2008:0847 | URL:http://www.redhat.com/support/errata/RHSA-2008-0847.html | REDHAT:RHSA-2008:0848 | URL:http://www.redhat.com/support/errata/RHSA-2008-0848.html | REDHAT:RHSA-2008:0863 | URL:http://www.redhat.com/support/errata/RHSA-2008-0863.html | SECTRACK:1020750 | URL:http://www.securitytracker.com/id?1020750 | SECUNIA:31610 | URL:http://secunia.com/advisories/31610 | SECUNIA:31623 | URL:http://secunia.com/advisories/31623 | SECUNIA:31668 | URL:http://secunia.com/advisories/31668 | SECUNIA:31670 | URL:http://secunia.com/advisories/31670 | SECUNIA:31698 | URL:http://secunia.com/advisories/31698 | SECUNIA:31838 | URL:http://secunia.com/advisories/31838 | SECUNIA:31882 | URL:http://secunia.com/advisories/31882 | SECUNIA:31982 | URL:http://secunia.com/advisories/31982 | SECUNIA:32706 | URL:http://secunia.com/advisories/32706 | SECUNIA:32756 | URL:http://secunia.com/advisories/32756 | SUNALERT:265030 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1 | SUSE:SUSE-SR:2008:018 | 
URL:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html | UBUNTU:USN-639-1 | URL:http://www.ubuntu.com/usn/usn-639-1 | VUPEN:ADV-2008-2438 | URL:http://www.vupen.com/english/advisories/2008/2438 | VUPEN:ADV-2008-2584 | URL:http://www.vupen.com/english/advisories/2008/2584 | VUPEN:ADV-2008-2776 | URL:http://www.vupen.com/english/advisories/2008/2776 | VUPEN:ADV-2008-2971 | URL:http://www.vupen.com/english/advisories/2008/2971 | VUPEN:ADV-2008-3107 | URL:http://www.vupen.com/english/advisories/2008/3107 | VUPEN:ADV-2008-3232 | URL:http://www.vupen.com/english/advisories/2008/3232 | VUPEN:ADV-2009-2143 | URL:http://www.vupen.com/english/advisories/2009/2143",Assigned (20080518),"None (candidate not yet proposed)","" CVE-2008-3281,Candidate,"libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.","APPLE:APPLE-SA-2009-06-08-1 | URL:http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | APPLE:APPLE-SA-2009-06-17-1 | URL:http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | BID:30783 | URL:http://www.securityfocus.com/bid/30783 | BUGTRAQ:20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff | URL:http://www.securityfocus.com/archive/1/497962/100/0/threaded | CONFIRM:http://support.apple.com/kb/HT3613 | CONFIRM:http://support.apple.com/kb/HT3639 | CONFIRM:http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772 | CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0325 | CONFIRM:http://xmlsoft.org/news.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=458086 | DEBIAN:DSA-1631 | URL:http://www.debian.org/security/2008/dsa-1631 | FEDORA:FEDORA-2008-7395 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html | FEDORA:FEDORA-2008-7594 | 
URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html | GENTOO:GLSA-200812-06 | URL:http://security.gentoo.org/glsa/glsa-200812-06.xml | MANDRIVA:MDVSA-2008:180 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:180 | MANDRIVA:MDVSA-2008:192 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:192 | MISC:http://www.vmware.com/security/advisories/VMSA-2008-0017.html | MLIST:[Security-announce] 20081030 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff | URL:http://lists.vmware.com/pipermail/security-announce/2008/000039.html | MLIST:[xml] 20080820 Security fix for libxml2 | URL:http://mail.gnome.org/archives/xml/2008-August/msg00034.html | OVAL:oval:org.mitre.oval:def:6496 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496 | OVAL:oval:org.mitre.oval:def:9812 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812 | REDHAT:RHSA-2008:0836 | URL:https://rhn.redhat.com/errata/RHSA-2008-0836.html | SECTRACK:1020728 | URL:http://www.securitytracker.com/id?1020728 | SECUNIA:31558 | URL:http://secunia.com/advisories/31558 | SECUNIA:31566 | URL:http://secunia.com/advisories/31566 | SECUNIA:31590 | URL:http://secunia.com/advisories/31590 | SECUNIA:31728 | URL:http://secunia.com/advisories/31728 | SECUNIA:31748 | URL:http://secunia.com/advisories/31748 | SECUNIA:31855 | URL:http://secunia.com/advisories/31855 | SECUNIA:31982 | URL:http://secunia.com/advisories/31982 | SECUNIA:32488 | URL:http://secunia.com/advisories/32488 | SECUNIA:32807 | URL:http://secunia.com/advisories/32807 | SECUNIA:32974 | URL:http://secunia.com/advisories/32974 | SECUNIA:35379 | URL:http://secunia.com/advisories/35379 | SUSE:SUSE-SR:2008:018 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html | UBUNTU:USN-640-1 | URL:http://www.ubuntu.com/usn/usn-640-1 | UBUNTU:USN-644-1 | URL:https://usn.ubuntu.com/644-1/ 
| VUPEN:ADV-2008-2419 | URL:http://www.vupen.com/english/advisories/2008/2419 | VUPEN:ADV-2008-2843 | URL:http://www.vupen.com/english/advisories/2008/2843 | VUPEN:ADV-2008-2971 | URL:http://www.vupen.com/english/advisories/2008/2971 | VUPEN:ADV-2009-1522 | URL:http://www.vupen.com/english/advisories/2009/1522 | VUPEN:ADV-2009-1621 | URL:http://www.vupen.com/english/advisories/2009/1621",Assigned (20080724),"None (candidate not yet proposed)","" CVE-2009-2285,Candidate,"Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.","APPLE:APPLE-SA-2009-11-09-1 | URL:http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html | APPLE:APPLE-SA-2010-01-19-1 | URL:http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html | APPLE:APPLE-SA-2010-02-02-1 | URL:http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html | APPLE:APPLE-SA-2010-03-11-1 | URL:http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html | APPLE:APPLE-SA-2010-03-30-2 | URL:http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2065 | CONFIRM:http://support.apple.com/kb/HT3937 | CONFIRM:http://support.apple.com/kb/HT4004 | CONFIRM:http://support.apple.com/kb/HT4013 | CONFIRM:http://support.apple.com/kb/HT4070 | CONFIRM:http://support.apple.com/kb/HT4105 | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149 | DEBIAN:DSA-1835 | URL:http://www.debian.org/security/2009/dsa-1835 | FEDORA:FEDORA-2009-7335 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html | FEDORA:FEDORA-2009-7358 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html | FEDORA:FEDORA-2009-7417 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html | 
FEDORA:FEDORA-2009-7717 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html | FEDORA:FEDORA-2009-7763 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html | GENTOO:GLSA-200908-03 | URL:http://security.gentoo.org/glsa/glsa-200908-03.xml | MISC:http://www.lan.st/showthread.php?t=1856&page=3 | MLIST:[oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat | URL:http://www.openwall.com/lists/oss-security/2009/06/22/1 | MLIST:[oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat | URL:http://www.openwall.com/lists/oss-security/2009/06/23/1 | MLIST:[oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat] | URL:http://www.openwall.com/lists/oss-security/2009/06/29/5 | OVAL:oval:org.mitre.oval:def:10145 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145 | OVAL:oval:org.mitre.oval:def:7049 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049 | REDHAT:RHSA-2009:1159 | URL:http://www.redhat.com/support/errata/RHSA-2009-1159.html | SECUNIA:35695 | URL:http://secunia.com/advisories/35695 | SECUNIA:35716 | URL:http://secunia.com/advisories/35716 | SECUNIA:35866 | URL:http://secunia.com/advisories/35866 | SECUNIA:35883 | URL:http://secunia.com/advisories/35883 | SECUNIA:35912 | URL:http://secunia.com/advisories/35912 | SECUNIA:36194 | URL:http://secunia.com/advisories/36194 | SECUNIA:36831 | URL:http://secunia.com/advisories/36831 | SECUNIA:38241 | URL:http://secunia.com/advisories/38241 | SECUNIA:39135 | URL:http://secunia.com/advisories/39135 | SUNALERT:267808 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1 | UBUNTU:USN-797-1 | URL:https://usn.ubuntu.com/797-1/ | VUPEN:ADV-2009-1637 | URL:http://www.vupen.com/english/advisories/2009/1637 | VUPEN:ADV-2009-2727 | URL:http://www.vupen.com/english/advisories/2009/2727 | 
VUPEN:ADV-2009-3184 | URL:http://www.vupen.com/english/advisories/2009/3184 | VUPEN:ADV-2010-0173 | URL:http://www.vupen.com/english/advisories/2010/0173",Assigned (20090701),"None (candidate not yet proposed)","" CVE-2009-2347,Candidate,"Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.","BID:35652 | URL:http://www.securityfocus.com/bid/35652 | BUGTRAQ:20090713 [oCERT-2009-012] libtiff tools integer overflows | URL:http://www.securityfocus.com/archive/1/504892/100/0/threaded | CONFIRM:http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/ | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2079 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347 | DEBIAN:DSA-1835 | URL:http://www.debian.org/security/2009/dsa-1835 | FEDORA:FEDORA-2009-7724 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html | FEDORA:FEDORA-2009-7775 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html | GENTOO:GLSA-200908-03 | URL:http://security.gentoo.org/glsa/glsa-200908-03.xml | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MANDRIVA:MDVSA-2009:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:150 | MANDRIVA:MDVSA-2011:043 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 | MISC:http://www.ocert.org/advisories/ocert-2009-012.html | OSVDB:55821 | URL:http://osvdb.org/55821 | OSVDB:55822 | URL:http://osvdb.org/55822 | OVAL:oval:org.mitre.oval:def:10988 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988 | REDHAT:RHSA-2009:1159 | 
URL:http://www.redhat.com/support/errata/RHSA-2009-1159.html | SECTRACK:1022539 | URL:http://www.securitytracker.com/id?1022539 | SECUNIA:35811 | URL:http://secunia.com/advisories/35811 | SECUNIA:35817 | URL:http://secunia.com/advisories/35817 | SECUNIA:35866 | URL:http://secunia.com/advisories/35866 | SECUNIA:35883 | URL:http://secunia.com/advisories/35883 | SECUNIA:35911 | URL:http://secunia.com/advisories/35911 | SECUNIA:36194 | URL:http://secunia.com/advisories/36194 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | UBUNTU:USN-801-1 | URL:http://www.ubuntu.com/usn/USN-801-1 | VUPEN:ADV-2009-1870 | URL:http://www.vupen.com/english/advisories/2009/1870 | VUPEN:ADV-2011-0621 | URL:http://www.vupen.com/english/advisories/2011/0621 | XF:libtiff-rgb2ycbcr-tiff2rgba-bo(51688) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/51688",Assigned (20090707),"None (candidate not yet proposed)","" CVE-2009-5022,Candidate,"Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.","BID:47338 | URL:http://www.securityfocus.com/bid/47338 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=1999 | CONFIRM:http://www.remotesensing.org/libtiff/v3.9.5.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=695885 | DEBIAN:DSA-2256 | URL:http://www.debian.org/security/2011/dsa-2256 | FEDORA:FEDORA-2011-5304 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MANDRIVA:MDVSA-2011:078 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:078 | MLIST:[oss-security] 20110412 libtiff CVE assignments | URL:http://openwall.com/lists/oss-security/2011/04/12/10 | REDHAT:RHSA-2011:0452 | URL:http://www.redhat.com/support/errata/RHSA-2011-0452.html | SECTRACK:1025380 | URL:http://securitytracker.com/id?1025380 | SECUNIA:44271 | 
URL:http://secunia.com/advisories/44271 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | UBUNTU:USN-1120-1 | URL:http://www.ubuntu.com/usn/USN-1120-1 | VUPEN:ADV-2011-1014 | URL:http://www.vupen.com/english/advisories/2011/1014 | VUPEN:ADV-2011-1082 | URL:http://www.vupen.com/english/advisories/2011/1082 | XF:libtiff-ojpeg-bo(66774) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/66774",Assigned (20101209),"None (candidate not yet proposed)","" CVE-2010-1411,Candidate,"Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.","APPLE:APPLE-SA-2010-06-15-1 | URL:http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html | APPLE:APPLE-SA-2010-06-16-1 | URL:http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html | BID:40823 | URL:http://www.securityfocus.com/bid/40823 | CONFIRM:http://support.apple.com/kb/HT4188 | CONFIRM:http://support.apple.com/kb/HT4196 | CONFIRM:http://support.apple.com/kb/HT4220 | CONFIRM:http://www.remotesensing.org/libtiff/v3.9.3.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=592361 | FEDORA:FEDORA-2010-10460 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html | FEDORA:FEDORA-2010-10469 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MLIST:[oss-security] 20100623 CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127731610612908&w=2 | REDHAT:RHSA-2010:0519 | URL:http://www.redhat.com/support/errata/RHSA-2010-0519.html | REDHAT:RHSA-2010:0520 | URL:http://www.redhat.com/support/errata/RHSA-2010-0520.html | 
SECTRACK:1024103 | URL:http://securitytracker.com/id?1024103 | SECUNIA:40181 | URL:http://secunia.com/advisories/40181 | SECUNIA:40196 | URL:http://secunia.com/advisories/40196 | SECUNIA:40220 | URL:http://secunia.com/advisories/40220 | SECUNIA:40381 | URL:http://secunia.com/advisories/40381 | SECUNIA:40478 | URL:http://secunia.com/advisories/40478 | SECUNIA:40527 | URL:http://secunia.com/advisories/40527 | SECUNIA:40536 | URL:http://secunia.com/advisories/40536 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | SLACKWARE:SSA:2010-180-02 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424 | SUSE:SUSE-SR:2010:014 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | UBUNTU:USN-954-1 | URL:http://www.ubuntu.com/usn/USN-954-1 | VUPEN:ADV-2010-1435 | URL:http://www.vupen.com/english/advisories/2010/1435 | VUPEN:ADV-2010-1481 | URL:http://www.vupen.com/english/advisories/2010/1481 | VUPEN:ADV-2010-1512 | URL:http://www.vupen.com/english/advisories/2010/1512 | VUPEN:ADV-2010-1638 | URL:http://www.vupen.com/english/advisories/2010/1638 | VUPEN:ADV-2010-1731 | URL:http://www.vupen.com/english/advisories/2010/1731 | VUPEN:ADV-2010-1761 | URL:http://www.vupen.com/english/advisories/2010/1761",Assigned (20100415),"None (candidate not yet proposed)","" CVE-2010-2065,Candidate,"Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.","CONFIRM:http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010 | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=601274 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MANDRIVA:MDVSA-2011:043 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 | 
MISC:http://www.remotesensing.org/libtiff/v3.9.3.html | MLIST:[oss-security] 20100623 CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127731610612908&w=2 | SECUNIA:40181 | URL:http://secunia.com/advisories/40181 | SECUNIA:40381 | URL:http://secunia.com/advisories/40381 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | SLACKWARE:SSA:2010-180-02 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424 | UBUNTU:USN-954-1 | URL:http://www.ubuntu.com/usn/USN-954-1 | VUPEN:ADV-2010-1638 | URL:http://www.vupen.com/english/advisories/2010/1638 | VUPEN:ADV-2011-0204 | URL:http://www.vupen.com/english/advisories/2011/0204 | VUPEN:ADV-2011-0621 | URL:http://www.vupen.com/english/advisories/2011/0621",Assigned (20100525),"None (candidate not yet proposed)","" CVE-2010-2067,Candidate,"Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2212 | CONFIRM:http://www.remotesensing.org/libtiff/v3.9.4.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=599576 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | IDEFENSE:20100621 Multiple Vendor LibTIFF 3.9.2 Stack Buffer Overflow Vulnerability | URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874 | MLIST:[oss-security] 20100623 CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127731610612908&w=2 | OSVDB:65676 | URL:http://osvdb.org/65676 | SECUNIA:40241 | URL:http://secunia.com/advisories/40241 | SECUNIA:40381 | URL:http://secunia.com/advisories/40381 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | SLACKWARE:SSA:2010-180-02 | 
URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424 | SUSE:SUSE-SR:2010:014 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | UBUNTU:USN-954-1 | URL:http://www.ubuntu.com/usn/USN-954-1 | VUPEN:ADV-2010-1638 | URL:http://www.vupen.com/english/advisories/2010/1638",Assigned (20100525),"None (candidate not yet proposed)","" CVE-2010-2233,Candidate,"tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to ""downsampled OJPEG input.""","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2207 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=583081 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=607198 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MISC:http://www.remotesensing.org/libtiff/v3.9.4.html | MLIST:[oss-security] 20100623 CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127731610612908&w=2 | SECTRACK:1024150 | URL:http://securitytracker.com/id?1024150 | SECUNIA:40422 | URL:http://secunia.com/advisories/40422 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726",Assigned (20100609),"None (candidate not yet proposed)","" CVE-2010-2443,Candidate,"The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.","CONFIRM:http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010 | CONFIRM:http://www.remotesensing.org/libtiff/v3.9.3.html | CONFIRM:https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | 
MLIST:[oss-security] 20100624 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127736307002102&w=2 | MLIST:[oss-security] 20100629 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127781315415896&w=2 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | VUPEN:ADV-2011-0204 | URL:http://www.vupen.com/english/advisories/2011/0204",Assigned (20100624),"None (candidate not yet proposed)","" CVE-2010-2481,Candidate,"The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2210 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MLIST:[oss-security] 20100623 CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127731610612908&w=2 | MLIST:[oss-security] 20100624 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127736307002102&w=2 | MLIST:[oss-security] 20100624 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127738540902757&w=2 | MLIST:[oss-security] 20100629 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127781315415896&w=2 | MLIST:[oss-security] 20100630 Re: CVE requests: LibTIFF | URL:http://www.openwall.com/lists/oss-security/2010/06/30/22 | MLIST:[oss-security] 20100701 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127797353202873&w=2 | REDHAT:RHSA-2010:0519 | URL:http://www.redhat.com/support/errata/RHSA-2010-0519.html | SECUNIA:40527 | URL:http://secunia.com/advisories/40527 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | VUPEN:ADV-2010-1761 | URL:http://www.vupen.com/english/advisories/2010/1761",Assigned (20100628),"None (candidate not yet proposed)","" CVE-2010-2482,Candidate,"LibTIFF 3.9.4 and earlier does not properly handle an invalid 
td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=1996 | CONFIRM:https://bugs.launchpad.net/bugs/597246 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=603024 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=608010 | DEBIAN:DSA-2552 | URL:http://www.debian.org/security/2012/dsa-2552 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MLIST:[oss-security] 20100624 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127736307002102&w=2 | MLIST:[oss-security] 20100624 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127738540902757&w=2 | MLIST:[oss-security] 20100630 Re: CVE requests: LibTIFF | URL:http://www.openwall.com/lists/oss-security/2010/06/30/22 | MLIST:[oss-security] 20100701 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127797353202873&w=2 | SECUNIA:40422 | URL:http://secunia.com/advisories/40422 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726",Assigned (20100628),"None (candidate not yet proposed)","" CVE-2010-2483,Candidate,"The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2216 | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=603081 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MLIST:[oss-security] 20100623 CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127731610612908&w=2 | MLIST:[oss-security] 20100624 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127736307002102&w=2 
| MLIST:[oss-security] 20100624 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127738540902757&w=2 | MLIST:[oss-security] 20100629 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127781315415896&w=2 | MLIST:[oss-security] 20100630 Re: CVE requests: LibTIFF | URL:http://www.openwall.com/lists/oss-security/2010/06/30/22 | MLIST:[oss-security] 20100701 Re: CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127797353202873&w=2 | REDHAT:RHSA-2010:0519 | URL:http://www.redhat.com/support/errata/RHSA-2010-0519.html | SECUNIA:40422 | URL:http://secunia.com/advisories/40422 | SECUNIA:40527 | URL:http://secunia.com/advisories/40527 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | VUPEN:ADV-2010-1761 | URL:http://www.vupen.com/english/advisories/2010/1761",Assigned (20100628),"None (candidate not yet proposed)","" CVE-2010-2595,Candidate,"The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to ""downsampled OJPEG input.""","CONFIRM:http://blackberry.com/btsc/KB27244 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2208 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=583081 | DEBIAN:DSA-2552 | URL:http://www.debian.org/security/2012/dsa-2552 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MLIST:[oss-security] 20100623 CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127731610612908&w=2 | REDHAT:RHSA-2010:0519 | URL:http://www.redhat.com/support/errata/RHSA-2010-0519.html | SECUNIA:40422 | URL:http://secunia.com/advisories/40422 | SECUNIA:40527 | URL:http://secunia.com/advisories/40527 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | VUPEN:ADV-2010-1761 | 
URL:http://www.vupen.com/english/advisories/2010/1761",Assigned (20100701),"None (candidate not yet proposed)","" CVE-2010-2596,Candidate,"The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to ""downsampled OJPEG input.""","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2209 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=583081 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MLIST:[oss-security] 20100623 CVE requests: LibTIFF | URL:http://marc.info/?l=oss-security&m=127731610612908&w=2 | SECUNIA:40422 | URL:http://secunia.com/advisories/40422 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726",Assigned (20100701),"None (candidate not yet proposed)","" CVE-2010-2597,Candidate,"The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to ""downsampled OJPEG input"" and possibly related to a compiler optimization that triggers a divide-by-zero error.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2215 | CONFIRM:https://bugs.launchpad.net/bugs/593067 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=583081 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=603703 | DEBIAN:DSA-2552 | URL:http://www.debian.org/security/2012/dsa-2552 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | REDHAT:RHSA-2010:0519 | URL:http://www.redhat.com/support/errata/RHSA-2010-0519.html | SECUNIA:40422 | URL:http://secunia.com/advisories/40422 | SECUNIA:40527 | URL:http://secunia.com/advisories/40527 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | VUPEN:ADV-2010-1761 | URL:http://www.vupen.com/english/advisories/2010/1761",Assigned 
(20100701),"None (candidate not yet proposed)","" CVE-2010-2598,Candidate,"LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to ""downsampled OJPEG input.""","CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=583081 | REDHAT:RHSA-2010:0520 | URL:http://www.redhat.com/support/errata/RHSA-2010-0520.html | SECUNIA:40536 | URL:http://secunia.com/advisories/40536 | VUPEN:ADV-2010-1761 | URL:http://www.vupen.com/english/advisories/2010/1761",Assigned (20100701),"None (candidate not yet proposed)","" CVE-2010-2630,Candidate,"The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2210 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=554371 | DEBIAN:DSA-2552 | URL:http://www.debian.org/security/2012/dsa-2552 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | SECUNIA:50726 | URL:http://secunia.com/advisories/50726",Assigned (20100706),"None (candidate not yet proposed)","" CVE-2010-2631,Candidate,"LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2210 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | SECUNIA:50726 | URL:http://secunia.com/advisories/50726",Assigned 
(20100706),"None (candidate not yet proposed)","" CVE-2010-3087,Candidate,"LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.","CONFIRM:http://blackberry.com/btsc/KB27244 | CONFIRM:http://support.novell.com/security/cve/CVE-2010-3087.html | CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=624215 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | SUSE:SUSE-SR:2010:017 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html",Assigned (20100820),"None (candidate not yet proposed)","" CVE-2010-4665,Candidate,"Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.","BID:47338 | URL:http://www.securityfocus.com/bid/47338 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2218 | CONFIRM:http://www.remotesensing.org/libtiff/v3.9.5.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=695887 | DEBIAN:DSA-2552 | URL:http://www.debian.org/security/2012/dsa-2552 | FEDORA:FEDORA-2011-5304 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MLIST:[oss-security] 20110412 libtiff CVE assignments | URL:http://openwall.com/lists/oss-security/2011/04/12/10 | SECUNIA:44271 | URL:http://secunia.com/advisories/44271 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | SUSE:SUSE-SR:2011:009 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | UBUNTU:USN-1416-1 | URL:http://ubuntu.com/usn/usn-1416-1",Assigned (20110103),"None (candidate 
not yet proposed)","" CVE-2011-0191,Candidate,"Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.","APPLE:APPLE-SA-2011-03-02-1 | URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html | APPLE:APPLE-SA-2011-03-09-1 | URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html | APPLE:APPLE-SA-2011-03-09-2 | URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html | APPLE:APPLE-SA-2011-03-09-3 | URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html | APPLE:APPLE-SA-2011-03-21-1 | URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html | BID:46657 | URL:http://www.securityfocus.com/bid/46657 | CONFIRM:http://support.apple.com/kb/HT4554 | CONFIRM:http://support.apple.com/kb/HT4564 | CONFIRM:http://support.apple.com/kb/HT4565 | CONFIRM:http://support.apple.com/kb/HT4566 | CONFIRM:http://support.apple.com/kb/HT4581 | DEBIAN:DSA-2210 | URL:http://www.debian.org/security/2011/dsa-2210 | MANDRIVA:MDVSA-2011:064 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:064 | SECUNIA:43934 | URL:http://secunia.com/advisories/43934 | SUSE:SUSE-SR:2011:005 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html | SUSE:SUSE-SR:2011:009 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | VUPEN:ADV-2011-0845 | URL:http://www.vupen.com/english/advisories/2011/0845 | VUPEN:ADV-2011-0859 | URL:http://www.vupen.com/english/advisories/2011/0859",Assigned (20101223),"None (candidate not yet proposed)","" CVE-2011-0192,Candidate,"Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows 
remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.","APPLE:APPLE-SA-2011-03-02-1 | URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html | APPLE:APPLE-SA-2011-03-09-1 | URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html | APPLE:APPLE-SA-2011-03-09-2 | URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html | APPLE:APPLE-SA-2011-03-09-3 | URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html | APPLE:APPLE-SA-2011-03-21-1 | URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html | APPLE:APPLE-SA-2011-10-12-1 | URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html | APPLE:APPLE-SA-2011-10-12-2 | URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html | BID:46658 | URL:http://www.securityfocus.com/bid/46658 | CONFIRM:http://blackberry.com/btsc/KB27244 | CONFIRM:http://support.apple.com/kb/HT4554 | CONFIRM:http://support.apple.com/kb/HT4564 | CONFIRM:http://support.apple.com/kb/HT4565 | CONFIRM:http://support.apple.com/kb/HT4566 | CONFIRM:http://support.apple.com/kb/HT4581 | CONFIRM:http://support.apple.com/kb/HT4999 | CONFIRM:http://support.apple.com/kb/HT5001 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=678635 | DEBIAN:DSA-2210 | URL:http://www.debian.org/security/2011/dsa-2210 | FEDORA:FEDORA-2011-2498 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html | FEDORA:FEDORA-2011-2540 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html | FEDORA:FEDORA-2011-3827 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html | FEDORA:FEDORA-2011-3836 | 
URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MANDRIVA:MDVSA-2011:043 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 | REDHAT:RHSA-2011:0318 | URL:http://www.redhat.com/support/errata/RHSA-2011-0318.html | SECTRACK:1025153 | URL:http://www.securitytracker.com/id?1025153 | SECUNIA:43585 | URL:http://secunia.com/advisories/43585 | SECUNIA:43593 | URL:http://secunia.com/advisories/43593 | SECUNIA:43664 | URL:http://secunia.com/advisories/43664 | SECUNIA:43934 | URL:http://secunia.com/advisories/43934 | SECUNIA:44117 | URL:http://secunia.com/advisories/44117 | SECUNIA:44135 | URL:http://secunia.com/advisories/44135 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | SLACKWARE:SSA:2011-098-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820 | SUSE:SUSE-SR:2011:005 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html | SUSE:SUSE-SR:2011:009 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | VUPEN:ADV-2011-0551 | URL:http://www.vupen.com/english/advisories/2011/0551 | VUPEN:ADV-2011-0599 | URL:http://www.vupen.com/english/advisories/2011/0599 | VUPEN:ADV-2011-0621 | URL:http://www.vupen.com/english/advisories/2011/0621 | VUPEN:ADV-2011-0845 | URL:http://www.vupen.com/english/advisories/2011/0845 | VUPEN:ADV-2011-0905 | URL:http://www.vupen.com/english/advisories/2011/0905 | VUPEN:ADV-2011-0930 | URL:http://www.vupen.com/english/advisories/2011/0930 | VUPEN:ADV-2011-0960 | URL:http://www.vupen.com/english/advisories/2011/0960",Assigned (20101223),"None (candidate not yet proposed)","" CVE-2011-1167,Candidate,"Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a 
.tiff file that has an unexpected BitsPerSample value.","APPLE:APPLE-SA-2012-02-01-1 | URL:http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | APPLE:APPLE-SA-2012-05-09-1 | URL:http://lists.apple.com/archives/security-announce/2012/May/msg00001.html | APPLE:APPLE-SA-2012-09-19-1 | URL:http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html | BID:46951 | URL:http://www.securityfocus.com/bid/46951 | BUGTRAQ:20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability | URL:http://www.securityfocus.com/archive/1/517101/100/0/threaded | CONFIRM:http://blackberry.com/btsc/KB27244 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2300 | CONFIRM:http://support.apple.com/kb/HT5130 | CONFIRM:http://support.apple.com/kb/HT5281 | CONFIRM:http://support.apple.com/kb/HT5503 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=684939 | DEBIAN:DSA-2210 | URL:http://www.debian.org/security/2011/dsa-2210 | FEDORA:FEDORA-2011-3827 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html | FEDORA:FEDORA-2011-3836 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MANDRIVA:MDVSA-2011:064 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:064 | MISC:http://www.zerodayinitiative.com/advisories/ZDI-11-107 | OSVDB:71256 | URL:http://www.osvdb.org/71256 | REDHAT:RHSA-2011:0392 | URL:http://www.redhat.com/support/errata/RHSA-2011-0392.html | SECTRACK:1025257 | URL:http://www.securitytracker.com/id?1025257 | SECUNIA:43900 | URL:http://secunia.com/advisories/43900 | SECUNIA:43934 | URL:http://secunia.com/advisories/43934 | SECUNIA:43974 | URL:http://secunia.com/advisories/43974 | SECUNIA:44117 | URL:http://secunia.com/advisories/44117 | SECUNIA:44135 | URL:http://secunia.com/advisories/44135 | SECUNIA:50726 | 
URL:http://secunia.com/advisories/50726 | SLACKWARE:SSA:2011-098-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820 | SREASON:8165 | URL:http://securityreason.com/securityalert/8165 | SUSE:SUSE-SR:2011:009 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | UBUNTU:USN-1102-1 | URL:http://ubuntu.com/usn/usn-1102-1 | VUPEN:ADV-2011-0795 | URL:http://www.vupen.com/english/advisories/2011/0795 | VUPEN:ADV-2011-0845 | URL:http://www.vupen.com/english/advisories/2011/0845 | VUPEN:ADV-2011-0859 | URL:http://www.vupen.com/english/advisories/2011/0859 | VUPEN:ADV-2011-0860 | URL:http://www.vupen.com/english/advisories/2011/0860 | VUPEN:ADV-2011-0905 | URL:http://www.vupen.com/english/advisories/2011/0905 | VUPEN:ADV-2011-0930 | URL:http://www.vupen.com/english/advisories/2011/0930 | VUPEN:ADV-2011-0960 | URL:http://www.vupen.com/english/advisories/2011/0960 | XF:libtiff-thundercode-decoder-bo(66247) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/66247",Assigned (20110303),"None (candidate not yet proposed)","" CVE-2012-1173,Candidate,"Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.","APPLE:APPLE-SA-2012-09-19-1 | URL:http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html | APPLE:APPLE-SA-2012-09-19-2 | URL:http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html | BID:52891 | URL:http://www.securityfocus.com/bid/52891 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2369 | CONFIRM:http://support.apple.com/kb/HT5501 | CONFIRM:http://support.apple.com/kb/HT5503 | CONFIRM:https://downloads.avaya.com/css/P8/documents/100161772 | DEBIAN:DSA-2447 | URL:http://www.debian.org/security/2012/dsa-2447 | 
FEDORA:FEDORA-2012-5406 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html | FEDORA:FEDORA-2012-5410 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html | FEDORA:FEDORA-2012-5463 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MANDRIVA:MDVSA-2012:054 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:054 | MISC:http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff | MISC:http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt | OSVDB:81025 | URL:http://www.osvdb.org/81025 | REDHAT:RHSA-2012:0468 | URL:http://rhn.redhat.com/errata/RHSA-2012-0468.html | SECTRACK:1026895 | URL:http://www.securitytracker.com/id?1026895 | SECUNIA:48684 | URL:http://secunia.com/advisories/48684 | SECUNIA:48722 | URL:http://secunia.com/advisories/48722 | SECUNIA:48735 | URL:http://secunia.com/advisories/48735 | SECUNIA:48757 | URL:http://secunia.com/advisories/48757 | SECUNIA:48893 | URL:http://secunia.com/advisories/48893 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | SUSE:openSUSE-SU-2012:0539 | URL:https://hermes.opensuse.org/messages/14302713 | UBUNTU:USN-1416-1 | URL:http://ubuntu.com/usn/usn-1416-1 | XF:libtiff-gttileseparate-bo(74656) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/74656",Assigned (20120214),"None (candidate not yet proposed)","" CVE-2012-2088,Candidate,"Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.","APPLE:APPLE-SA-2013-03-14-1 | URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html 
| BID:54270 | URL:http://www.securityfocus.com/bid/54270 | CONFIRM:http://support.apple.com/kb/HT6162 | CONFIRM:http://support.apple.com/kb/HT6163 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MANDRIVA:MDVSA-2012:101 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=832864 | REDHAT:RHSA-2012:1054 | URL:http://rhn.redhat.com/errata/RHSA-2012-1054.html | SECUNIA:49686 | URL:http://secunia.com/advisories/49686 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | SUSE:SUSE-SU-2012:0894 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html | SUSE:openSUSE-SU-2012:0829 | URL:https://hermes.opensuse.org/messages/15083566",Assigned (20120404),"None (candidate not yet proposed)","" CVE-2012-2113,Candidate,"Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.","BID:54076 | URL:http://www.securityfocus.com/bid/54076 | CONFIRM:http://www.remotesensing.org/libtiff/v4.0.2.html | DEBIAN:DSA-2552 | URL:http://www.debian.org/security/2012/dsa-2552 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MANDRIVA:MDVSA-2012:101 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=810551 | REDHAT:RHSA-2012:1054 | URL:http://rhn.redhat.com/errata/RHSA-2012-1054.html | SECUNIA:49493 | URL:http://secunia.com/advisories/49493 | SECUNIA:49686 | URL:http://secunia.com/advisories/49686 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | SUSE:SUSE-SU-2012:0894 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html | SUSE:openSUSE-SU-2012:0829 | URL:https://hermes.opensuse.org/messages/15083566",Assigned (20120404),"None (candidate not yet 
proposed)","" CVE-2012-3401,Candidate,"The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.","BID:54601 | URL:http://www.securityfocus.com/bid/54601 | CONFIRM:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf | DEBIAN:DSA-2552 | URL:http://www.debian.org/security/2012/dsa-2552 | GENTOO:GLSA-201209-02 | URL:http://security.gentoo.org/glsa/glsa-201209-02.xml | MANDRIVA:MDVSA-2012:127 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:127 | MISC:http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 | MISC:https://bugzilla.redhat.com/attachment.cgi?id=596457 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=837577 | MLIST:[oss-security] 20120719 Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer | URL:http://www.openwall.com/lists/oss-security/2012/07/19/4 | MLIST:[oss-security] 20120719 tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer | URL:http://www.openwall.com/lists/oss-security/2012/07/19/1 | OSVDB:84090 | URL:http://osvdb.org/84090 | REDHAT:RHSA-2012:1590 | URL:http://rhn.redhat.com/errata/RHSA-2012-1590.html | SECUNIA:49938 | URL:http://secunia.com/advisories/49938 | SECUNIA:50007 | URL:http://secunia.com/advisories/50007 | SECUNIA:50726 | URL:http://secunia.com/advisories/50726 | SUSE:openSUSE-SU-2012:0955 | URL:http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html | UBUNTU:USN-1511-1 | URL:http://www.ubuntu.com/usn/USN-1511-1 | XF:libtiff-t2preadtiffinit-bo(77088) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77088",Assigned 
(20120614),"None (candidate not yet proposed)","" CVE-2012-4447,Candidate,"Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.","BID:55673 | URL:http://www.securityfocus.com/bid/55673 | DEBIAN:DSA-2561 | URL:http://www.debian.org/security/2012/dsa-2561 | MISC:http://www.remotesensing.org/libtiff/v4.0.3.html | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=860198 | MLIST:[oss-security] 20120925 CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression | URL:http://www.openwall.com/lists/oss-security/2012/09/25/9 | MLIST:[oss-security] 20120925 Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression | URL:http://www.openwall.com/lists/oss-security/2012/09/25/14 | REDHAT:RHSA-2012:1590 | URL:http://rhn.redhat.com/errata/RHSA-2012-1590.html | SECUNIA:49938 | URL:http://secunia.com/advisories/49938 | SECUNIA:51049 | URL:http://secunia.com/advisories/51049 | SUSE:openSUSE-SU-2013:0187 | URL:http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html | UBUNTU:USN-1631-1 | URL:http://www.ubuntu.com/usn/USN-1631-1",Assigned (20120821),"None (candidate not yet proposed)","" CVE-2012-4564,Candidate,"ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.","BID:56372 | URL:http://www.securityfocus.com/bid/56372 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=871700 | DEBIAN:DSA-2575 | URL:http://www.debian.org/security/2012/dsa-2575 | MLIST:[oss-security] 20121102 Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when 
reading a tiff file | URL:http://www.openwall.com/lists/oss-security/2012/11/02/7 | MLIST:[oss-security] 20121102 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file | URL:http://www.openwall.com/lists/oss-security/2012/11/02/3 | OSVDB:86878 | URL:http://www.osvdb.org/86878 | REDHAT:RHSA-2012:1590 | URL:http://rhn.redhat.com/errata/RHSA-2012-1590.html | SECUNIA:51133 | URL:http://secunia.com/advisories/51133 | SUSE:openSUSE-SU-2013:0187 | URL:http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html | UBUNTU:USN-1631-1 | URL:http://www.ubuntu.com/usn/USN-1631-1 | XF:libtiff-ppm2tiff-bo(79750) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79750",Assigned (20120821),"None (candidate not yet proposed)","" CVE-2012-5581,Candidate,"Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.","BID:56715 | URL:http://www.securityfocus.com/bid/56715 | DEBIAN:DSA-2589 | URL:http://www.debian.org/security/2012/dsa-2589 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=867235 | MLIST:[oss-security] 20121128 libtiff: Stack based buffer overflow when handling DOTRANGE tags | URL:http://www.openwall.com/lists/oss-security/2012/11/28/1 | REDHAT:RHSA-2012:1590 | URL:http://rhn.redhat.com/errata/RHSA-2012-1590.html | SECUNIA:51491 | URL:http://secunia.com/advisories/51491 | SUSE:openSUSE-SU-2013:0187 | URL:http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html | UBUNTU:USN-1655-1 | URL:http://www.ubuntu.com/usn/USN-1655-1 | XF:libtiff-dotrange-bo(80339) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/80339",Assigned (20121024),"None (candidate not yet proposed)","" CVE-2013-1960,Candidate,"Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of 
service (crash) and possibly execute arbitrary code via a crafted TIFF image file.","BID:59609 | URL:http://www.securityfocus.com/bid/59609 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=952158 | DEBIAN:DSA-2698 | URL:http://www.debian.org/security/2013/dsa-2698 | FEDORA:FEDORA-2013-7339 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html | FEDORA:FEDORA-2013-7361 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html | FEDORA:FEDORA-2013-7369 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html | MLIST:[oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws) | URL:http://seclists.org/oss-sec/2013/q2/254 | REDHAT:RHSA-2014:0223 | URL:http://rhn.redhat.com/errata/RHSA-2014-0223.html | SECUNIA:53237 | URL:http://secunia.com/advisories/53237 | SECUNIA:53765 | URL:http://secunia.com/advisories/53765 | SUSE:openSUSE-SU-2013:0922 | URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html | SUSE:openSUSE-SU-2013:0944 | URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html",Assigned (20130219),"None (candidate not yet proposed)","" CVE-2013-1961,Candidate,"Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.","BID:59607 | URL:http://www.securityfocus.com/bid/59607 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=952131 | DEBIAN:DSA-2698 | URL:http://www.debian.org/security/2013/dsa-2698 | FEDORA:FEDORA-2013-7339 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html | FEDORA:FEDORA-2013-7361 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html | FEDORA:FEDORA-2013-7369 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html | MLIST:[oss-security] 20130502 Fwd: Two libtiff 
(tiff2pdf flaws) | URL:http://seclists.org/oss-sec/2013/q2/254 | REDHAT:RHSA-2014:0223 | URL:http://rhn.redhat.com/errata/RHSA-2014-0223.html | SECUNIA:53237 | URL:http://secunia.com/advisories/53237 | SECUNIA:53765 | URL:http://secunia.com/advisories/53765 | SUSE:openSUSE-SU-2013:0922 | URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html | SUSE:openSUSE-SU-2013:0944 | URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html",Assigned (20130219),"None (candidate not yet proposed)","" CVE-2013-4231,Candidate,"Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.","BID:61695 | URL:http://www.securityfocus.com/bid/61695 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2450 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=995965 | DEBIAN:DSA-2744 | URL:http://www.debian.org/security/2013/dsa-2744 | MLIST:[oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro | URL:http://www.openwall.com/lists/oss-security/2013/08/10/2 | MLIST:[tiff] 20130801 Vulnerabilities in libtiff 4.0.3 | URL:http://www.asmail.be/msg0055359936.html | REDHAT:RHSA-2014:0223 | URL:http://rhn.redhat.com/errata/RHSA-2014-0223.html | SECUNIA:54543 | URL:http://secunia.com/advisories/54543 | SECUNIA:54628 | URL:http://secunia.com/advisories/54628",Assigned (20130612),"None (candidate not yet proposed)","" CVE-2013-4232,Candidate,"Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 
TIFF image.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2449 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=995975 | DEBIAN:DSA-2744 | URL:http://www.debian.org/security/2013/dsa-2744 | MLIST:[oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro | URL:http://www.openwall.com/lists/oss-security/2013/08/10/2 | MLIST:[tiff] 20130801 Vulnerabilities in libtiff 4.0.3 | URL:http://www.asmail.be/msg0055359936.html | REDHAT:RHSA-2014:0223 | URL:http://rhn.redhat.com/errata/RHSA-2014-0223.html | SECUNIA:54543 | URL:http://secunia.com/advisories/54543 | SECUNIA:54628 | URL:http://secunia.com/advisories/54628",Assigned (20130612),"None (candidate not yet proposed)","" CVE-2013-4243,Candidate,"Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image.","BID:62082 | URL:http://www.securityfocus.com/bid/62082 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2451 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=996052 | DEBIAN:DSA-2744 | URL:http://www.debian.org/security/2013/dsa-2744 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | REDHAT:RHSA-2014:0223 | URL:http://rhn.redhat.com/errata/RHSA-2014-0223.html | SECUNIA:54543 | URL:http://secunia.com/advisories/54543 | SECUNIA:54628 | URL:http://secunia.com/advisories/54628",Assigned (20130612),"None (candidate not yet proposed)","" CVE-2013-4244,Candidate,"The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2452 | 
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=996468 | CONFIRM:https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833 | REDHAT:RHSA-2014:0223 | URL:http://rhn.redhat.com/errata/RHSA-2014-0223.html",Assigned (20130612),"None (candidate not yet proposed)","" CVE-2014-8127,Candidate,"LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.","BID:72323 | URL:http://www.securityfocus.com/bid/72323 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2484 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2485 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2486 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2496 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2497 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2500 | DEBIAN:DSA-3273 | URL:http://www.debian.org/security/2015/dsa-3273 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt | MLIST:[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools | URL:http://www.openwall.com/lists/oss-security/2015/01/24/15 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SECTRACK:1032760 | URL:http://www.securitytracker.com/id/1032760 | SUSE:openSUSE-SU-2015:0450 | 
URL:http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html",Assigned (20141010),"None (candidate not yet proposed)","" CVE-2014-8128,Candidate,"LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.","MISC:http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html | MISC:http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html | MISC:http://openwall.com/lists/oss-security/2015/01/24/15 | MISC:http://support.apple.com/kb/HT204941 | MISC:http://support.apple.com/kb/HT204942 | MISC:http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1185812",Assigned (20141010),"None (candidate not yet proposed)","" CVE-2014-8129,Candidate,"LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.","APPLE:APPLE-SA-2015-06-30-1 | URL:http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html | APPLE:APPLE-SA-2015-06-30-2 | URL:http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html | BID:72352 | URL:http://www.securityfocus.com/bid/72352 | CONFIRM:http://support.apple.com/kb/HT204941 | CONFIRM:http://support.apple.com/kb/HT204942 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1185815 | DEBIAN:DSA-3273 | URL:https://www.debian.org/security/2015/dsa-3273 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2487 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2488 | MISC:http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt | 
MLIST:[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools | URL:http://openwall.com/lists/oss-security/2015/01/24/15 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SECTRACK:1032760 | URL:http://www.securitytracker.com/id/1032760",Assigned (20141010),"None (candidate not yet proposed)","" CVE-2014-8130,Candidate,"The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.","APPLE:APPLE-SA-2015-06-30-1 | URL:http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html | APPLE:APPLE-SA-2015-06-30-2 | URL:http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html | BID:72353 | URL:http://www.securityfocus.com/bid/72353 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2483 | CONFIRM:http://support.apple.com/kb/HT204941 | CONFIRM:http://support.apple.com/kb/HT204942 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1185817 | CONFIRM:https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt | MLIST:[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools | URL:http://openwall.com/lists/oss-security/2015/01/24/15 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SECTRACK:1032760 | URL:http://www.securitytracker.com/id/1032760",Assigned (20141010),"None (candidate not yet proposed)","" CVE-2014-9330,Candidate,"Integer overflow in tif_packbits.c 
in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.","BID:71789 | URL:http://www.securityfocus.com/bid/71789 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2494 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | DEBIAN:DSA-3273 | URL:http://www.debian.org/security/2015/dsa-3273 | FULLDISC:20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff | URL:http://seclists.org/fulldisclosure/2014/Dec/97 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SECTRACK:1031442 | URL:http://www.securitytracker.com/id/1031442",Assigned (20141207),"None (candidate not yet proposed)","" CVE-2014-9655,Candidate,"The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.","CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | DEBIAN:DSA-3273 | URL:http://www.debian.org/security/2015/dsa-3273 | DEBIAN:DSA-3467 | URL:http://www.debian.org/security/2016/dsa-3467 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20150207 Re: Multiple vulnerabilities in LibTIFF and associated tools | URL:http://openwall.com/lists/oss-security/2015/02/07/5 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | 
URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html",Assigned (20150207),"None (candidate not yet proposed)","" CVE-2015-1547,Candidate,"The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.","BID:73438 | URL:http://www.securityfocus.com/bid/73438 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | DEBIAN:DSA-3467 | URL:http://www.debian.org/security/2016/dsa-3467 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools | URL:http://openwall.com/lists/oss-security/2015/01/24/16 | MLIST:[oss-security] 20150207 Re: Multiple vulnerabilities in LibTIFF and associated tools | URL:http://openwall.com/lists/oss-security/2015/02/07/5 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html",Assigned (20150207),"None (candidate not yet proposed)","" CVE-2015-7313,Candidate,"LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.","BID:76843 | URL:http://www.securityfocus.com/bid/76843 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1265998 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20150921 DoS in libtiff | URL:http://seclists.org/oss-sec/2015/q3/601",Assigned (20150922),"None (candidate not yet proposed)","" CVE-2015-7554,Candidate,"The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified 
other impact via crafted field data in an extension tag in a TIFF image.","BID:79699 | URL:http://www.securityfocus.com/bid/79699 | BUGTRAQ:20151226 libtiff: invalid write (CVE-2015-7554) | URL:http://www.securityfocus.com/archive/1/537205/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | FULLDISC:20151226 libtiff: invalid write (CVE-2015-7554) | URL:http://seclists.org/fulldisclosure/2015/Dec/119 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://packetstormsecurity.com/files/135078/libtiff-4.0.6-Invalid-Write.html | MLIST:[oss-security] 20151226 libtiff: invalid write (CVE-2015-7554) | URL:http://www.openwall.com/lists/oss-security/2015/12/26/7 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SUSE:openSUSE-SU-2016:0212 | URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00078.html | SUSE:openSUSE-SU-2016:0215 | URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00081.html | SUSE:openSUSE-SU-2016:0252 | URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00100.html",Assigned (20150929),"None (candidate not yet proposed)","" CVE-2015-8665,Candidate,"tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.","BID:79728 | URL:http://www.securityfocus.com/bid/79728 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | DEBIAN:DSA-3467 | URL:http://www.debian.org/security/2016/dsa-3467 | GENTOO:GLSA-201701-16 | 
URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20151224 CVE request -- Out-of-bounds Read in libtiff | URL:http://www.openwall.com/lists/oss-security/2015/12/24/2 | MLIST:[oss-security] 20151224 Re: CVE request -- Out-of-bounds Read in libtiff | URL:http://www.openwall.com/lists/oss-security/2015/12/24/4 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SECTRACK:1035508 | URL:http://www.securitytracker.com/id/1035508 | UBUNTU:USN-2939-1 | URL:http://www.ubuntu.com/usn/USN-2939-1",Assigned (20151224),"None (candidate not yet proposed)","" CVE-2015-8668,Candidate,"Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.","BUGTRAQ:20151228 libtiff bmp file Heap Overflow (CVE-2015-8668) | URL:http://www.securityfocus.com/archive/1/537208/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html",Assigned (20151224),"None (candidate not yet proposed)","" CVE-2015-8683,Candidate,"The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.","BID:79718 | URL:http://www.securityfocus.com/bid/79718 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | 
CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | DEBIAN:DSA-3467 | URL:http://www.debian.org/security/2016/dsa-3467 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20151225 CVE request libtiff: out-of-bounds read in CIE Lab image format | URL:http://www.openwall.com/lists/oss-security/2015/12/25/1 | MLIST:[oss-security] 20151225 Re: CVE request libtiff: out-of-bounds read in CIE Lab image format | URL:http://www.openwall.com/lists/oss-security/2015/12/26/1 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SECTRACK:1035508 | URL:http://www.securitytracker.com/id/1035508 | UBUNTU:USN-2939-1 | URL:http://www.ubuntu.com/usn/USN-2939-1",Assigned (20151225),"None (candidate not yet proposed)","" CVE-2015-8781,Candidate,"tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.","BID:81730 | URL:http://www.securityfocus.com/bid/81730 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | DEBIAN:DSA-3467 | URL:http://www.debian.org/security/2016/dsa-3467 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression | URL:http://www.openwall.com/lists/oss-security/2016/01/24/3 | MLIST:[oss-security] 20160124 Re: CVE Request: tiff: 
Out-of-bounds write for invalid images using LogL compression | URL:http://www.openwall.com/lists/oss-security/2016/01/24/7 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SUSE:openSUSE-SU-2016:0405 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html | SUSE:openSUSE-SU-2016:0414 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html | UBUNTU:USN-2939-1 | URL:http://www.ubuntu.com/usn/USN-2939-1",Assigned (20160124),"None (candidate not yet proposed)","" CVE-2015-8782,Candidate,"tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.","BID:81730 | URL:http://www.securityfocus.com/bid/81730 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2522 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | DEBIAN:DSA-3467 | URL:http://www.debian.org/security/2016/dsa-3467 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression | URL:http://www.openwall.com/lists/oss-security/2016/01/24/3 | MLIST:[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression | URL:http://www.openwall.com/lists/oss-security/2016/01/24/7 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SUSE:openSUSE-SU-2016:0405 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html | SUSE:openSUSE-SU-2016:0414 | 
URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html | UBUNTU:USN-2939-1 | URL:http://www.ubuntu.com/usn/USN-2939-1",Assigned (20160124),"None (candidate not yet proposed)","" CVE-2015-8783,Candidate,"tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.","BID:81730 | URL:http://www.securityfocus.com/bid/81730 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2522 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | DEBIAN:DSA-3467 | URL:http://www.debian.org/security/2016/dsa-3467 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression | URL:http://www.openwall.com/lists/oss-security/2016/01/24/3 | MLIST:[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression | URL:http://www.openwall.com/lists/oss-security/2016/01/24/7 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SUSE:openSUSE-SU-2016:0405 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html | SUSE:openSUSE-SU-2016:0414 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html | UBUNTU:USN-2939-1 | URL:http://www.ubuntu.com/usn/USN-2939-1",Assigned (20160124),"None (candidate not yet proposed)","" CVE-2015-8784,Candidate,"The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.","BID:81696 | URL:http://www.securityfocus.com/bid/81696 | 
CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2508 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | CONFIRM:https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c | DEBIAN:DSA-3467 | URL:http://www.debian.org/security/2016/dsa-3467 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160124 CVE Request: tiff: potential out-of-bound write in NeXTDecode() | URL:http://www.openwall.com/lists/oss-security/2016/01/24/4 | MLIST:[oss-security] 20160124 Re: CVE Request: tiff: potential out-of-bound write in NeXTDecode() | URL:http://www.openwall.com/lists/oss-security/2016/01/24/8 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | UBUNTU:USN-2939-1 | URL:http://www.ubuntu.com/usn/USN-2939-1",Assigned (20160124),"None (candidate not yet proposed)","" CVE-2015-8870,Candidate,"Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.","BID:94717 | URL:http://www.securityfocus.com/bid/94717 | CONFIRM:http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz | MISC:http://www.floyd.ch/?p=874BMP | REDHAT:RHSA-2017:0225 | URL:http://rhn.redhat.com/errata/RHSA-2017-0225.html",Assigned (20160502),"None (candidate not yet proposed)","" CVE-2016-0740,Candidate,"Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF 
file.","CONFIRM:https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst | CONFIRM:https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e | DEBIAN:DSA-3499 | URL:http://www.debian.org/security/2016/dsa-3499 | GENTOO:GLSA-201612-52 | URL:https://security.gentoo.org/glsa/201612-52",Assigned (20151216),"None (candidate not yet proposed)","" CVE-2016-10092,Candidate,"Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.","BID:95218 | URL:http://www.securityfocus.com/bid/95218 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2620 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2622 | CONFIRM:https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ | MISC:https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10092 | MLIST:[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow | URL:http://www.openwall.com/lists/oss-security/2017/01/01/12 | MLIST:[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow | URL:http://www.openwall.com/lists/oss-security/2017/01/01/10",Assigned (20170101),"None (candidate not yet proposed)","" CVE-2016-10093,Candidate,"Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.","BID:95215 | 
URL:http://www.securityfocus.com/bid/95215 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2610 | CONFIRM:https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ | MISC:https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10093 | MLIST:[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow | URL:http://www.openwall.com/lists/oss-security/2017/01/01/12 | MLIST:[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow | URL:http://www.openwall.com/lists/oss-security/2017/01/01/10",Assigned (20170101),"None (candidate not yet proposed)","" CVE-2016-10094,Candidate,"Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.","BID:95214 | URL:http://www.securityfocus.com/bid/95214 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2640 | CONFIRM:https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ | MLIST:[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow | URL:http://www.openwall.com/lists/oss-security/2017/01/01/12 | MLIST:[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow | URL:http://www.openwall.com/lists/oss-security/2017/01/01/10",Assigned (20170101),"None (candidate not yet proposed)","" CVE-2016-10095,Candidate,"Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a 
crafted TIFF file.","BID:95178 | URL:http://www.securityfocus.com/bid/95178 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2625 | DEBIAN:DSA-3903 | URL:http://www.debian.org/security/2017/dsa-3903 | MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/ | MLIST:[oss-security] 20170101 Re: libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c) | URL:http://www.openwall.com/lists/oss-security/2017/01/01/11 | MLIST:[oss-security] 20170101 libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c) | URL:http://www.openwall.com/lists/oss-security/2017/01/01/7",Assigned (20170101),"None (candidate not yet proposed)","" CVE-2016-10266,Candidate,"LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.","BID:97115 | URL:http://www.securityfocus.com/bid/97115 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero | MISC:https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170324),"None (candidate not yet proposed)","" CVE-2016-10267,Candidate,"LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.","BID:97117 | URL:http://www.securityfocus.com/bid/97117 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero | MISC:https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170324),"None (candidate not yet proposed)","" 
CVE-2016-10268,Candidate,"tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to ""READ of size 78490"" and libtiff/tif_unix.c:115:23.","BID:97202 | URL:http://www.securityfocus.com/bid/97202 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ | MISC:https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170324),"None (candidate not yet proposed)","" CVE-2016-10269,Candidate,"LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to ""READ of size 512"" and libtiff/tif_unix.c:340:2.","BID:97201 | URL:http://www.securityfocus.com/bid/97201 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ | MISC:https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10269 | MISC:https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170324),"None (candidate not yet proposed)","" CVE-2016-10270,Candidate,"LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to ""READ of size 8"" and libtiff/tif_read.c:523:22.","BID:97200 | URL:http://www.securityfocus.com/bid/97200 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | 
MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ | MISC:https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018",Assigned (20170324),"None (candidate not yet proposed)","" CVE-2016-10271,Candidate,"tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to ""READ of size 1"" and libtiff/tif_fax3.c:413:13.","BID:97199 | URL:http://www.securityfocus.com/bid/97199 | MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ | MISC:https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a",Assigned (20170324),"None (candidate not yet proposed)","" CVE-2016-10272,Candidate,"LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to ""WRITE of size 2048"" and libtiff/tif_next.c:64:9.","BID:97197 | URL:http://www.securityfocus.com/bid/97197 | MISC:https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ | MISC:https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a",Assigned (20170324),"None (candidate not yet proposed)","" CVE-2016-10371,Candidate,"The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2535 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2612 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170509),"None (candidate not yet proposed)","" CVE-2016-3186,Candidate,"Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service 
(application crash) via a crafted GIF file.","CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1319503 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | REDHAT:RHSA-2019:2053 | URL:https://access.redhat.com/errata/RHSA-2019:2053 | SECTRACK:1035442 | URL:http://www.securitytracker.com/id/1035442 | SUSE:openSUSE-SU-2016:1081 | URL:http://lists.opensuse.org/opensuse-updates/2016-04/msg00064.html | SUSE:openSUSE-SU-2016:1103 | URL:http://lists.opensuse.org/opensuse-updates/2016-04/msg00075.html | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20160315),"None (candidate not yet proposed)","" CVE-2016-3619,Candidate,"The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the ""-c none"" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.","BID:85919 | URL:http://www.securityfocus.com/bid/85919 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2567 | MLIST:[oss-security] 20160407 CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool | URL:http://www.openwall.com/lists/oss-security/2016/04/07/1 | SECTRACK:1035508 | URL:http://www.securitytracker.com/id/1035508",Assigned (20160321),"None (candidate not yet proposed)","" CVE-2016-3620,Candidate,"The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the ""-c zip"" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.","GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2570 | MLIST:[oss-security] 20160407 CVE-2016-3620 libtiff: Out-of-bounds Read in the bmp2tiff tool | URL:http://www.openwall.com/lists/oss-security/2016/04/07/2 | SECTRACK:1035508 | URL:http://www.securitytracker.com/id/1035508",Assigned (20160321),"None 
(candidate not yet proposed)","" CVE-2016-3621,Candidate,"The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the ""-c lzw"" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.","GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2565 | MLIST:[oss-security] 20160407 CVE-2016-3621 libtiff: Out-of-bounds Read in the bmp2tiff tool | URL:http://www.openwall.com/lists/oss-security/2016/04/07/3 | SECTRACK:1035508 | URL:http://www.securitytracker.com/id/1035508",Assigned (20160321),"None (candidate not yet proposed)","" CVE-2016-3622,Candidate,"The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.","BID:85917 | URL:http://www.securityfocus.com/bid/85917 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160407 CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool | URL:http://www.openwall.com/lists/oss-security/2016/04/07/4 | SECTRACK:1035508 | URL:http://www.securitytracker.com/id/1035508",Assigned (20160321),"None (candidate not yet proposed)","" CVE-2016-3623,Candidate,"The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.","BID:85952 | URL:http://www.securityfocus.com/bid/85952 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2569 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160408 CVE-2016-3623 libtiff: Divide By Zero in the rgb2ycbcr tool | URL:http://www.openwall.com/lists/oss-security/2016/04/08/3 | 
SUSE:openSUSE-SU-2016:2275 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html",Assigned (20160321),"None (candidate not yet proposed)","" CVE-2016-3624,Candidate,"The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the ""-v"" option to -1.","BID:85956 | URL:http://www.securityfocus.com/bid/85956 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2568 | MLIST:[oss-security] 20160408 CVE-2016-3624 libtiff: Out-of-bounds Write in the rgb2ycbcr tool | URL:http://www.openwall.com/lists/oss-security/2016/04/08/4",Assigned (20160321),"None (candidate not yet proposed)","" CVE-2016-3625,Candidate,"tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.","GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2566 | MLIST:[oss-security] 20160408 CVE-2016-3625 libtiff: Out-of-bounds Read in the tiff2bw tool | URL:http://www.openwall.com/lists/oss-security/2016/04/08/5",Assigned (20160321),"None (candidate not yet proposed)","" CVE-2016-3631,Candidate,"The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.","GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160408 CVE-2016-3631 - libtiff 4.0.6 illegel read | URL:http://www.openwall.com/lists/oss-security/2016/04/08/10 | SECTRACK:1035508 | URL:http://www.securitytracker.com/id/1035508",Assigned (20160322),"None (candidate not yet proposed)","" CVE-2016-3632,Candidate,"The 
_TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.","BID:85953 | URL:http://www.securityfocus.com/bid/85953 | BID:85960 | URL:http://www.securityfocus.com/bid/85960 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2549 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1325095 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160408 CVE-2016-3632 - libtiff 4.0.6 illegel write | URL:http://www.openwall.com/lists/oss-security/2016/04/08/9 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html",Assigned (20160322),"None (candidate not yet proposed)","" CVE-2016-3633,Candidate,"The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.","GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2548 | MLIST:[oss-security] 20160408 CVE-2016-3633 - libtiff 4.0.6 illegel read | URL:http://www.openwall.com/lists/oss-security/2016/04/08/11",Assigned (20160322),"None (candidate not yet proposed)","" CVE-2016-3634,Candidate,"The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.","BID:93335 | URL:http://www.securityfocus.com/bid/93335 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | 
MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2547 | MLIST:[oss-security] 20160408 CVE-2016-3634 - libtiff illegel read | URL:http://www.openwall.com/lists/oss-security/2016/04/08/13",Assigned (20160322),"None (candidate not yet proposed)","" CVE-2016-3658,Candidate,"The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.","BID:93331 | URL:http://www.securityfocus.com/bid/93331 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2546 | MLIST:[oss-security] 20160408 CVE-2016-3658 - libtiff 4.0.6 illegel read | URL:http://www.openwall.com/lists/oss-security/2016/04/08/12",Assigned (20160324),"None (candidate not yet proposed)","" CVE-2016-3945,Candidate,"Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.","BID:85960 | URL:http://www.securityfocus.com/bid/85960 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2545 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1325093 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160408 CVE-2016-3945 libtiff: Out-of-bounds Write in the tiff2rgba tool | URL:http://www.openwall.com/lists/oss-security/2016/04/08/6 | REDHAT:RHSA-2016:1546 | 
URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SUSE:openSUSE-SU-2016:2275 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html",Assigned (20160401),"None (candidate not yet proposed)","" CVE-2016-3990,Candidate,"Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.","BID:86000 | URL:http://www.securityfocus.com/bid/86000 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2544 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1326246 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160412 CVE-2016-3990 : out-of-bounds write in horizontalDifference8() in tiffcp tool | URL:http://www.openwall.com/lists/oss-security/2016/04/12/2 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SUSE:openSUSE-SU-2016:2275 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html",Assigned (20160408),"None (candidate not yet proposed)","" CVE-2016-3991,Candidate,"Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.","BID:85996 | URL:http://www.securityfocus.com/bid/85996 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2543 | 
CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1326249 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160412 CVE-2016-3991 : out-of-bounds write in loadImage() in tiffcrop tool | URL:http://www.openwall.com/lists/oss-security/2016/04/12/3 | REDHAT:RHSA-2016:1546 | URL:http://rhn.redhat.com/errata/RHSA-2016-1546.html | REDHAT:RHSA-2016:1547 | URL:http://rhn.redhat.com/errata/RHSA-2016-1547.html | SUSE:openSUSE-SU-2016:2275 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html",Assigned (20160408),"None (candidate not yet proposed)","" CVE-2016-5102,Candidate,"Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.","BID:96049 | URL:http://www.securityfocus.com/bid/96049 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2552 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1343407 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20160526),"None (candidate not yet proposed)","" CVE-2016-5314,Candidate,"Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.","BID:91195 | URL:http://www.securityfocus.com/bid/91195 | BID:91245 | URL:http://www.securityfocus.com/bid/91245 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2554 | 
CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1346687 | CONFIRM:https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2 | DEBIAN:DSA-3762 | URL:https://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160615 CVE-2016-5314: libtiff 4.0.6 PixarLogDecode() out-of-bound writes | URL:http://www.openwall.com/lists/oss-security/2016/06/15/1 | MLIST:[oss-security] 20160615 CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution | URL:http://www.openwall.com/lists/oss-security/2016/06/15/9 | MLIST:[oss-security] 20160630 Re: Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format | URL:http://www.openwall.com/lists/oss-security/2016/06/30/3 | SUSE:openSUSE-SU-2016:1889 | URL:http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html | SUSE:openSUSE-SU-2016:2321 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html | SUSE:openSUSE-SU-2016:2375 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html | SUSE:openSUSE-SU-2016:3035 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html",Assigned (20160606),"None (candidate not yet proposed)","" CVE-2016-5315,Candidate,"The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.","BID:91204 | URL:http://www.securityfocus.com/bid/91204 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1346694 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation | URL:http://www.openwall.com/lists/oss-security/2016/06/15/2",Assigned 
(20160606),"None (candidate not yet proposed)","" CVE-2016-5316,Candidate,"Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.","BID:91203 | URL:http://www.securityfocus.com/bid/91203 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160615 CVE-2016-5316: libtiff 4.0.6 tif_pixarlog.c: PixarLogCleanup() Segmentation fault | URL:http://www.openwall.com/lists/oss-security/2016/06/15/3 | SUSE:openSUSE-SU-2016:1889 | URL:http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html | SUSE:openSUSE-SU-2016:2321 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html | SUSE:openSUSE-SU-2016:2375 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html",Assigned (20160606),"None (candidate not yet proposed)","" CVE-2016-5317,Candidate,"Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.","BID:91208 | URL:http://www.securityfocus.com/bid/91208 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160614 CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image | URL:http://www.openwall.com/lists/oss-security/2016/06/15/10 | MLIST:[oss-security] 20160615 CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image | URL:http://www.openwall.com/lists/oss-security/2016/06/15/5 | SUSE:openSUSE-SU-2016:1889 | URL:http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html | SUSE:openSUSE-SU-2016:2321 | 
URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html | SUSE:openSUSE-SU-2016:2375 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html",Assigned (20160606),"None (candidate not yet proposed)","" CVE-2016-5318,Candidate,"Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.","BID:88604 | URL:http://www.securityfocus.com/bid/88604 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160427 3 bugs refer to buffer overflow in in libtiff 4.0.6 | URL:http://www.openwall.com/lists/oss-security/2016/04/27/6 | MLIST:[oss-security] 20160606 3 bugs refer to buffer overflow in in libtiff 4.0.6 | URL:http://www.openwall.com/lists/oss-security/2016/06/07/1 | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20160606),"None (candidate not yet proposed)","" CVE-2016-5319,Candidate,"Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.","BID:88604 | URL:http://www.securityfocus.com/bid/88604 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160427 3 bugs refer to buffer overflow in in libtiff 4.0.6 | URL:http://www.openwall.com/lists/oss-security/2016/04/27/6 | MLIST:[oss-security] 20160606 3 bugs refer to buffer overflow in in libtiff 4.0.6 | URL:http://www.openwall.com/lists/oss-security/2016/06/07/1",Assigned (20160606),"None (candidate not yet proposed)","" CVE-2016-5321,Candidate,"The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.","BID:91209 | URL:http://www.securityfocus.com/bid/91209 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | 
SUSE:openSUSE-SU-2016:3035 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html",Assigned (20160606),"None (candidate not yet proposed)","" CVE-2016-5322,Candidate,"The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.","BID:91204 | URL:http://www.securityfocus.com/bid/91204 | BID:91205 | URL:http://www.securityfocus.com/bid/91205 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1346694 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation | URL:http://www.openwall.com/lists/oss-security/2016/06/15/2",Assigned (20160606),"None (candidate not yet proposed)","" CVE-2016-5323,Candidate,"The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.","BID:91196 | URL:http://www.securityfocus.com/bid/91196 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160615 CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide by zero | URL:http://www.openwall.com/lists/oss-security/2016/06/15/6 | SUSE:openSUSE-SU-2016:3035 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html",Assigned (20160606),"None (candidate not yet proposed)","" CVE-2016-5652,Candidate,"An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. 
Vulnerability can be triggered via a saved TIFF file delivered by other means.","BID:93902 | URL:http://www.securityfocus.com/bid/93902 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://www.talosintelligence.com/reports/TALOS-2016-0187/ | REDHAT:RHSA-2017:0225 | URL:http://rhn.redhat.com/errata/RHSA-2017-0225.html",Assigned (20160616),"None (candidate not yet proposed)","" CVE-2016-6223,Candidate,"The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allow remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.","BID:91741 | URL:http://www.securityfocus.com/bid/91741 | CONFIRM:http://libtiff.maptools.org/v4.0.7.html | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20160713 CVE request: Information leak in LibTIFF | URL:http://www.openwall.com/lists/oss-security/2016/07/13/3 | MLIST:[oss-security] 20160714 Re: CVE request: Information leak in LibTIFF | URL:http://www.openwall.com/lists/oss-security/2016/07/14/4",Assigned (20160714),"None (candidate not yet proposed)","" CVE-2016-8331,Candidate,"An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. 
This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.","BID:93898 | URL:http://www.securityfocus.com/bid/93898 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://www.talosintelligence.com/reports/TALOS-2016-0190/",Assigned (20160928),"None (candidate not yet proposed)","" CVE-2016-9273,Candidate,"tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.","BID:94271 | URL:http://www.securityfocus.com/bid/94271 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2587 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20161109 CVE Request: libtiff: heap buffer overflow/read outside of array | URL:http://www.openwall.com/lists/oss-security/2016/11/09/20 | MLIST:[oss-security] 20161111 Re: CVE Request: libtiff: heap buffer overflow/read outside of array | URL:http://www.openwall.com/lists/oss-security/2016/11/11/6",Assigned (20161111),"None (candidate not yet proposed)","" CVE-2016-9297,Candidate,"The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.","BID:94419 | URL:http://www.securityfocus.com/bid/94419 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2590 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20161111 CVE Request: libtiff: read outside buffer in _TIFFPrintField() | URL:http://www.openwall.com/lists/oss-security/2016/11/12/2 | MLIST:[oss-security] 20161114 Re: CVE Request: libtiff: read outside buffer in _TIFFPrintField() | 
URL:http://www.openwall.com/lists/oss-security/2016/11/14/7",Assigned (20161114),"None (candidate not yet proposed)","" CVE-2016-9448,Candidate,"The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.","BID:94420 | URL:http://www.securityfocus.com/bid/94420 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2593 | MLIST:[oss-security] 20161118 Re: CVE-2016-9297 LibTIFF regression | URL:http://www.openwall.com/lists/oss-security/2016/11/18/15 | SUSE:openSUSE-SU-2016:3035 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html",Assigned (20161118),"None (candidate not yet proposed)","" CVE-2016-9453,Candidate,"The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.","BID:94406 | URL:http://www.securityfocus.com/bid/94406 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2579 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20161118 Re: CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf | URL:http://www.openwall.com/lists/oss-security/2016/11/19/1 | SUSE:openSUSE-SU-2016:3035 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html",Assigned (20161118),"None (candidate not yet proposed)","" CVE-2016-9532,Candidate,"Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF 
before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.","BID:94424 | URL:http://www.securityfocus.com/bid/94424 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2592 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1397726 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | GENTOO:GLSA-201701-16 | URL:https://security.gentoo.org/glsa/201701-16 | MLIST:[oss-security] 20161111 CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips | URL:http://www.openwall.com/lists/oss-security/2016/11/11/14 | MLIST:[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips | URL:http://www.openwall.com/lists/oss-security/2016/11/21/1 | MLIST:[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips | URL:http://www.openwall.com/lists/oss-security/2016/11/22/1",Assigned (20161121),"None (candidate not yet proposed)","" CVE-2016-9533,Candidate,"tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka ""PixarLog horizontalDifference heap-buffer-overflow.""","BID:94484 | URL:http://www.securityfocus.com/bid/94484 | BID:94742 | URL:http://www.securityfocus.com/bid/94742 | CONFIRM:https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | REDHAT:RHSA-2017:0225 | URL:http://rhn.redhat.com/errata/RHSA-2017-0225.html",Assigned (20161121),"None (candidate not yet proposed)","" CVE-2016-9534,Candidate,"tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. 
Reported as MSVR 35095, aka ""TIFFFlushData1 heap-buffer-overflow.""","BID:94484 | URL:http://www.securityfocus.com/bid/94484 | BID:94743 | URL:http://www.securityfocus.com/bid/94743 | CONFIRM:https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | REDHAT:RHSA-2017:0225 | URL:http://rhn.redhat.com/errata/RHSA-2017-0225.html",Assigned (20161121),"None (candidate not yet proposed)","" CVE-2016-9535,Candidate,"tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka ""Predictor heap-buffer-overflow.""","BID:94484 | URL:http://www.securityfocus.com/bid/94484 | BID:94744 | URL:http://www.securityfocus.com/bid/94744 | CONFIRM:https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 | CONFIRM:https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | REDHAT:RHSA-2017:0225 | URL:http://rhn.redhat.com/errata/RHSA-2017-0225.html",Assigned (20161121),"None (candidate not yet proposed)","" CVE-2016-9536,Candidate,"tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). 
Reported as MSVR 35098, aka ""t2p_process_jpeg_strip heap-buffer-overflow.""","BID:94484 | URL:http://www.securityfocus.com/bid/94484 | BID:94745 | URL:http://www.securityfocus.com/bid/94745 | CONFIRM:https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | REDHAT:RHSA-2017:0225 | URL:http://rhn.redhat.com/errata/RHSA-2017-0225.html",Assigned (20161121),"None (candidate not yet proposed)","" CVE-2016-9537,Candidate,"tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.","BID:94484 | URL:http://www.securityfocus.com/bid/94484 | BID:94746 | URL:http://www.securityfocus.com/bid/94746 | CONFIRM:https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | REDHAT:RHSA-2017:0225 | URL:http://rhn.redhat.com/errata/RHSA-2017-0225.html",Assigned (20161121),"None (candidate not yet proposed)","" CVE-2016-9538,Candidate,"tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.","BID:94484 | URL:http://www.securityfocus.com/bid/94484 | BID:94753 | URL:http://www.securityfocus.com/bid/94753 | CONFIRM:https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762",Assigned (20161121),"None (candidate not yet proposed)","" CVE-2016-9539,Candidate,"tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). 
Reported as MSVR 35092.","BID:94484 | URL:http://www.securityfocus.com/bid/94484 | BID:94754 | URL:http://www.securityfocus.com/bid/94754 | CONFIRM:https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53",Assigned (20161121),"None (candidate not yet proposed)","" CVE-2016-9540,Candidate,"tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka ""cpStripToTile heap-buffer-overflow.""","BID:94484 | URL:http://www.securityfocus.com/bid/94484 | BID:94747 | URL:http://www.securityfocus.com/bid/94747 | CONFIRM:https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3 | DEBIAN:DSA-3762 | URL:http://www.debian.org/security/2017/dsa-3762 | REDHAT:RHSA-2017:0225 | URL:http://rhn.redhat.com/errata/RHSA-2017-0225.html",Assigned (20161121),"None (candidate not yet proposed)","" CVE-2017-10688,Candidate,"In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.","BID:99359 | URL:http://www.securityfocus.com/bid/99359 | DEBIAN:DSA-3903 | URL:http://www.debian.org/security/2017/dsa-3903 | EXPLOIT-DB:42299 | URL:https://www.exploit-db.com/exploits/42299/ | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2712 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170629),"None (candidate not yet proposed)","" CVE-2017-11335,Candidate,"There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). 
A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.","DEBIAN:DSA-4100 | URL:https://www.debian.org/security/2018/dsa-4100 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2715 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170715),"None (candidate not yet proposed)","" CVE-2017-11613,Candidate,"In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.","BID:99977 | URL:http://www.securityfocus.com/bid/99977 | DEBIAN:DSA-4349 | URL:https://www.debian.org/security/2018/dsa-4349 | MISC:https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f | MLIST:[debian-lts-announce] 20180531 [SECURITY] [DLA 1391-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html | MLIST:[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20170725),"None (candidate not yet proposed)","" CVE-2017-12944,Candidate,"The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2725 | DEBIAN:DSA-4100 | URL:https://www.debian.org/security/2018/dsa-4100 | UBUNTU:USN-3602-1 | 
URL:https://usn.ubuntu.com/3602-1/ | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20170818),"None (candidate not yet proposed)","" CVE-2017-13726,Candidate,"There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.","BID:100524 | URL:http://www.securityfocus.com/bid/100524 | DEBIAN:DSA-4100 | URL:https://www.debian.org/security/2018/dsa-4100 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2727 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13727,Candidate,"There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.","BID:100524 | URL:http://www.securityfocus.com/bid/100524 | DEBIAN:DSA-4100 | URL:https://www.debian.org/security/2018/dsa-4100 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2728 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-14528,Candidate,"The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.","BID:100875 | URL:http://www.securityfocus.com/bid/100875 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2730 | MISC:https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560 | MLIST:[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html",Assigned (20170917),"None (candidate not yet 
proposed)","" CVE-2017-16232,Candidate,"** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.","MISC:http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html | MISC:http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html | MISC:http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html | MISC:http://seclists.org/fulldisclosure/2018/Dec/32 | MISC:http://seclists.org/fulldisclosure/2018/Dec/47 | MISC:http://www.openwall.com/lists/oss-security/2017/11/01/11 | MISC:http://www.openwall.com/lists/oss-security/2017/11/01/3 | MISC:http://www.openwall.com/lists/oss-security/2017/11/01/7 | MISC:http://www.openwall.com/lists/oss-security/2017/11/01/8 | MISC:http://www.securityfocus.com/bid/101696",Assigned (20171030),"None (candidate not yet proposed)","" CVE-2017-17095,Candidate,"tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.","BID:102124 | URL:http://www.securityfocus.com/bid/102124 | DEBIAN:DSA-4349 | URL:https://www.debian.org/security/2018/dsa-4349 | EXPLOIT-DB:43322 | URL:https://www.exploit-db.com/exploits/43322/ | GENTOO:GLSA-202003-25 | URL:https://security.gentoo.org/glsa/202003-25 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2750 | MISC:http://www.openwall.com/lists/oss-security/2017/11/30/3 | MLIST:[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20171202),"None (candidate not yet proposed)","" CVE-2017-17942,Candidate,"In LibTIFF 4.0.9, there is a heap-based 
buffer over-read in the function PackBitsEncode in tif_packbits.c.","BID:102312 | URL:http://www.securityfocus.com/bid/102312 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2767",Assigned (20171228),"None (candidate not yet proposed)","" CVE-2017-17973,Candidate,"** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.","BID:102331 | URL:http://www.securityfocus.com/bid/102331 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2769 | MISC:https://bugzilla.novell.com/show_bug.cgi?id=1074318 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1530912",Assigned (20171229),"None (candidate not yet proposed)","" CVE-2017-18013,Candidate,"In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.","BID:102345 | URL:http://www.securityfocus.com/bid/102345 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2770 | CONFIRM:https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01 | DEBIAN:DSA-4100 | URL:https://www.debian.org/security/2018/dsa-4100 | MLIST:[debian-lts-announce] 20180127 [SECURITY] [DLA 1259-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html | MLIST:[debian-lts-announce] 20180127 [SECURITY] [DLA 1260-1] tiff3 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/ | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20180101),"None (candidate not yet proposed)","" CVE-2017-5225,Candidate,"LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.","BID:95413 | URL:http://www.securityfocus.com/bid/95413 | CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2656 | 
CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2657 | CONFIRM:https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | SECTRACK:1037911 | URL:http://www.securitytracker.com/id/1037911",Assigned (20170109),"None (candidate not yet proposed)","" CVE-2017-5563,Candidate,"LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.","BID:95705 | URL:http://www.securityfocus.com/bid/95705 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2664 | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20170122),"None (candidate not yet proposed)","" CVE-2017-5849,Candidate,"tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.","BID:96011 | URL:http://www.securityfocus.com/bid/96011 | FEDORA:FEDORA-2017-1855c8af2c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDK3BDMKIQL2NQ3SJZXPBEN2LSOUSSEE/ | FEDORA:FEDORA-2017-fa4e441e03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AF42A624FXVY3BYBHMAO6F2X7EJYHQE2/ | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2654 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2655 | MLIST:[oss-security] 20170202 Re: CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) | URL:http://www.openwall.com/lists/oss-security/2017/02/02/2",Assigned (20170201),"None (candidate 
not yet proposed)","" CVE-2017-7592,Candidate,"The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.","BID:97510 | URL:http://www.securityfocus.com/bid/97510 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2658 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-7593,Candidate,"tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.","BID:97502 | URL:http://www.securityfocus.com/bid/97502 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2651 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-7594,Candidate,"The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.","BID:97503 | URL:http://www.securityfocus.com/bid/97503 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2659 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-7595,Candidate,"The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and 
application crash) via a crafted image.","BID:97501 | URL:http://www.securityfocus.com/bid/97501 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-7596,Candidate,"LibTIFF 4.0.7 has an ""outside the range of representable values of type float"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.","BID:97506 | URL:http://www.securityfocus.com/bid/97506 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-7597,Candidate,"tif_dirread.c in LibTIFF 4.0.7 has an ""outside the range of representable values of type float"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.","BID:97504 | URL:http://www.securityfocus.com/bid/97504 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-7598,Candidate,"tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted 
image.","BID:97499 | URL:http://www.securityfocus.com/bid/97499 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-7599,Candidate,"LibTIFF 4.0.7 has an ""outside the range of representable values of type short"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.","BID:97505 | URL:http://www.securityfocus.com/bid/97505 | BID:97508 | URL:http://www.securityfocus.com/bid/97508 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-7600,Candidate,"LibTIFF 4.0.7 has an ""outside the range of representable values of type unsigned char"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.","DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-7601,Candidate,"LibTIFF 4.0.7 has a ""shift exponent too large for 64-bit type long"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other 
impact via a crafted image.","BID:97511 | URL:http://www.securityfocus.com/bid/97511 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-7602,Candidate,"LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.","BID:97500 | URL:http://www.securityfocus.com/bid/97500 | DEBIAN:DSA-3844 | URL:http://www.debian.org/security/2017/dsa-3844 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | MISC:https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170409),"None (candidate not yet proposed)","" CVE-2017-9117,Candidate,"In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.","BID:98581 | URL:http://www.securityfocus.com/bid/98581 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2690 | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20170521),"None (candidate not yet proposed)","" CVE-2017-9147,Candidate,"LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.","BID:98594 | URL:http://www.securityfocus.com/bid/98594 | DEBIAN:DSA-3903 | URL:http://www.debian.org/security/2017/dsa-3903 | EXPLOIT-DB:42301 | URL:https://www.exploit-db.com/exploits/42301/ | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2693 | UBUNTU:USN-3606-1 | 
URL:https://usn.ubuntu.com/3606-1/",Assigned (20170522),"None (candidate not yet proposed)","" CVE-2017-9403,Candidate,"In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2689 | DEBIAN:DSA-3903 | URL:http://www.debian.org/security/2017/dsa-3903 | GENTOO:GLSA-201709-27 | URL:https://security.gentoo.org/glsa/201709-27 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170602),"None (candidate not yet proposed)","" CVE-2017-9404,Candidate,"In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.","CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2688 | DEBIAN:DSA-3903 | URL:http://www.debian.org/security/2017/dsa-3903 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170602),"None (candidate not yet proposed)","" CVE-2017-9815,Candidate,"In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.","BID:99235 | URL:http://www.securityfocus.com/bid/99235 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2682 | MISC:http://somevulnsofadlab.blogspot.jp/2017/06/libtiffmemory-leak-in-tiffmalloc.html | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170622),"None (candidate not yet proposed)","" CVE-2017-9935,Candidate,"In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. 
For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.","BID:99296 | URL:http://www.securityfocus.com/bid/99296 | DEBIAN:DSA-4100 | URL:https://www.debian.org/security/2018/dsa-4100 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2704 | MLIST:[debian-lts-announce] 20171213 [SECURITY] [DLA 1206-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2017/12/msg00008.html | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20170626),"None (candidate not yet proposed)","" CVE-2017-9936,Candidate,"In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.","BID:99300 | URL:http://www.securityfocus.com/bid/99300 | DEBIAN:DSA-3903 | URL:http://www.debian.org/security/2017/dsa-3903 | EXPLOIT-DB:42300 | URL:https://www.exploit-db.com/exploits/42300/ | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2706 | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/",Assigned (20170626),"None (candidate not yet proposed)","" CVE-2017-9937,Candidate,"In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. 
A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.","BID:99304 | URL:http://www.securityfocus.com/bid/99304 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2707 | MLIST:[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar | URL:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",Assigned (20170626),"None (candidate not yet proposed)","" CVE-2018-10126,Candidate,"LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.","MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2786 | MLIST:[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar | URL:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",Assigned (20180416),"None (candidate not yet proposed)","" CVE-2018-10779,Candidate,"TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.","BID:104089 | URL:http://www.securityfocus.com/bid/104089 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2788 | REDHAT:RHSA-2019:2053 | URL:https://access.redhat.com/errata/RHSA-2019:2053 | UBUNTU:USN-3906-1 | URL:https://usn.ubuntu.com/3906-1/ | UBUNTU:USN-3906-2 | URL:https://usn.ubuntu.com/3906-2/",Assigned (20180507),"None (candidate not yet proposed)","" CVE-2018-10801,Candidate,"TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.","MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2790",Assigned (20180508),"None (candidate not yet proposed)","" CVE-2018-10963,Candidate,"The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than 
CVE-2017-13726.","DEBIAN:DSA-4349 | URL:https://www.debian.org/security/2018/dsa-4349 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2795 | MLIST:[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html | REDHAT:RHSA-2019:2053 | URL:https://access.redhat.com/errata/RHSA-2019:2053 | UBUNTU:USN-3864-1 | URL:https://usn.ubuntu.com/3864-1/",Assigned (20180509),"None (candidate not yet proposed)","" CVE-2018-11555,Candidate,"** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on a sample program using LIBTIFF and does not apply to the lcms2 library; lcms2 does not depend on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.","MISC:https://github.com/mm2/Little-CMS/issues/167 | MISC:https://github.com/xiaoqx/pocs/tree/master/cms",Assigned (20180529),"None (candidate not yet proposed)","" CVE-2018-11556,Candidate,"** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. 
NOTE: Little CMS developers do consider this a vulnerability because the issue is based on a sample program using LIBTIFF and does not apply to the lcms2 library; lcms2 does not depend on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.","MISC:https://github.com/mm2/Little-CMS/issues/167 | MISC:https://github.com/xiaoqx/pocs/tree/master/cms",Assigned (20180529),"None (candidate not yet proposed)","" CVE-2018-12900,Candidate,"Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.","DEBIAN:DSA-4670 | URL:https://www.debian.org/security/2020/dsa-4670 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2798 | MISC:https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900 | MLIST:[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html | REDHAT:RHSA-2019:2053 | URL:https://access.redhat.com/errata/RHSA-2019:2053 | REDHAT:RHSA-2019:3419 | URL:https://access.redhat.com/errata/RHSA-2019:3419 | UBUNTU:USN-3906-1 | URL:https://usn.ubuntu.com/3906-1/ | UBUNTU:USN-3906-2 | URL:https://usn.ubuntu.com/3906-2/",Assigned (20180626),"None (candidate not yet proposed)","" CVE-2018-15209,Candidate,"ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.","BID:105092 | URL:http://www.securityfocus.com/bid/105092 | DEBIAN:DSA-4349 | URL:https://www.debian.org/security/2018/dsa-4349 | 
MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2808",Assigned (20180807),"None (candidate not yet proposed)","" CVE-2018-16335,Candidate,"newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.","DEBIAN:DSA-4349 | URL:https://www.debian.org/security/2018/dsa-4349 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2809",Assigned (20180901),"None (candidate not yet proposed)","" CVE-2018-17000,Candidate,"A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.","BID:105342 | URL:http://www.securityfocus.com/bid/105342 | DEBIAN:DSA-4670 | URL:https://www.debian.org/security/2020/dsa-4670 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2811 | MLIST:[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html | SUSE:openSUSE-SU-2019:1161 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html | UBUNTU:USN-3906-1 | URL:https://usn.ubuntu.com/3906-1/",Assigned (20180913),"None (candidate not yet proposed)","" CVE-2018-17100,Candidate,"An issue was discovered in LibTIFF 4.0.9. 
There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.","DEBIAN:DSA-4670 | URL:https://www.debian.org/security/2020/dsa-4670 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2810 | MISC:https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e | MLIST:[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html | REDHAT:RHSA-2019:2053 | URL:https://access.redhat.com/errata/RHSA-2019:2053 | UBUNTU:USN-3864-1 | URL:https://usn.ubuntu.com/3864-1/ | UBUNTU:USN-3906-2 | URL:https://usn.ubuntu.com/3906-2/",Assigned (20180916),"None (candidate not yet proposed)","" CVE-2018-17101,Candidate,"An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.","BID:105370 | URL:http://www.securityfocus.com/bid/105370 | DEBIAN:DSA-4349 | URL:https://www.debian.org/security/2018/dsa-4349 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2807 | MISC:https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577 | MLIST:[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html | REDHAT:RHSA-2019:2053 | URL:https://access.redhat.com/errata/RHSA-2019:2053 | UBUNTU:USN-3864-1 | URL:https://usn.ubuntu.com/3864-1/ | UBUNTU:USN-3906-2 | URL:https://usn.ubuntu.com/3906-2/",Assigned (20180916),"None (candidate not yet proposed)","" CVE-2018-17795,Candidate,"The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and 
application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.","BID:105445 | URL:http://www.securityfocus.com/bid/105445 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2816 | MISC:https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-17795",Assigned (20180930),"None (candidate not yet proposed)","" CVE-2018-18557,Candidate,"LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.","DEBIAN:DSA-4349 | URL:https://www.debian.org/security/2018/dsa-4349 | EXPLOIT-DB:45694 | URL:https://www.exploit-db.com/exploits/45694/ | GENTOO:GLSA-201904-15 | URL:https://security.gentoo.org/glsa/201904-15 | MISC:https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557 | MISC:https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66 | MISC:https://gitlab.com/libtiff/libtiff/merge_requests/38 | MLIST:[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html | REDHAT:RHSA-2019:2053 | URL:https://access.redhat.com/errata/RHSA-2019:2053 | UBUNTU:USN-3864-1 | URL:https://usn.ubuntu.com/3864-1/ | UBUNTU:USN-3906-2 | URL:https://usn.ubuntu.com/3906-2/",Assigned (20181022),"None (candidate not yet proposed)","" CVE-2018-18661,Candidate,"An issue was discovered in LibTIFF 4.0.9. 
There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.","BID:105762 | URL:http://www.securityfocus.com/bid/105762 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2819 | MLIST:[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html | REDHAT:RHSA-2019:2053 | URL:https://access.redhat.com/errata/RHSA-2019:2053 | UBUNTU:USN-3864-1 | URL:https://usn.ubuntu.com/3864-1/",Assigned (20181026),"None (candidate not yet proposed)","" CVE-2018-19210,Candidate,"In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.","BID:105932 | URL:http://www.securityfocus.com/bid/105932 | BUGTRAQ:20191104 [slackware-security] libtiff (SSA:2019-308-01) | URL:https://seclists.org/bugtraq/2019/Nov/5 | DEBIAN:DSA-4670 | URL:https://www.debian.org/security/2020/dsa-4670 | FEDORA:FEDORA-2019-70d89f8806 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF/ | FEDORA:FEDORA-2019-fa3e40f00a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TX5UEYHGMTNEHJB4FHE7HCJ75UQDNKGB/ | GENTOO:GLSA-202003-25 | URL:https://security.gentoo.org/glsa/202003-25 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2820 | MISC:http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html | MLIST:[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html | SUSE:openSUSE-SU-2019:1161 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html | UBUNTU:USN-3906-1 | URL:https://usn.ubuntu.com/3906-1/",Assigned (20181112),"None (candidate not yet proposed)","" CVE-2018-5360,Candidate,"LibTIFF before 4.0.6 
mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.","CONFIRM:https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2500 | MISC:https://sourceforge.net/p/graphicsmagick/bugs/540/",Assigned (20180112),"None (candidate not yet proposed)","" CVE-2018-5784,Candidate,"In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.","CONFIRM:https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef | DEBIAN:DSA-4349 | URL:https://www.debian.org/security/2018/dsa-4349 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2772 | MLIST:[debian-lts-announce] 20180531 [SECURITY] [DLA 1391-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html | MLIST:[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html | UBUNTU:USN-3602-1 | URL:https://usn.ubuntu.com/3602-1/ | UBUNTU:USN-3606-1 | URL:https://usn.ubuntu.com/3606-1/",Assigned (20180119),"None (candidate not yet proposed)","" CVE-2018-7456,Candidate,"A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. 
(This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)","CONFIRM:https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b | DEBIAN:DSA-4349 | URL:https://www.debian.org/security/2018/dsa-4349 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2778 | MISC:https://github.com/xiaoqx/pocs/tree/master/libtiff | MLIST:[debian-lts-announce] 20180416 [SECURITY] [DLA 1346-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html | MLIST:[debian-lts-announce] 20180416 [SECURITY] [DLA 1347-1] tiff3 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html | MLIST:[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html | REDHAT:RHSA-2019:2051 | URL:https://access.redhat.com/errata/RHSA-2019:2051 | REDHAT:RHSA-2019:2053 | URL:https://access.redhat.com/errata/RHSA-2019:2053 | UBUNTU:USN-3864-1 | URL:https://usn.ubuntu.com/3864-1/",Assigned (20180223),"None (candidate not yet proposed)","" CVE-2018-8905,Candidate,"In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.","CONFIRM:https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d | DEBIAN:DSA-4349 | URL:https://www.debian.org/security/2018/dsa-4349 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2780 | MISC:https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow | MLIST:[debian-lts-announce] 20180514 [SECURITY] [DLA 1377-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html | MLIST:[debian-lts-announce] 20180514 [SECURITY] [DLA 1378-1] tiff3 security update | URL:https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html | MLIST:[debian-lts-announce] 20180702 [SECURITY] [DLA 
1411-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html | REDHAT:RHSA-2019:2053 | URL:https://access.redhat.com/errata/RHSA-2019:2053 | UBUNTU:USN-3864-1 | URL:https://usn.ubuntu.com/3864-1/",Assigned (20180321),"None (candidate not yet proposed)","" CVE-2019-14973,Candidate,"_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.","BUGTRAQ:20191104 [slackware-security] libtiff (SSA:2019-308-01) | URL:https://seclists.org/bugtraq/2019/Nov/5 | BUGTRAQ:20200121 [SECURITY] [DSA 4608-1] tiff security update | URL:https://seclists.org/bugtraq/2020/Jan/32 | CONFIRM:https://gitlab.com/libtiff/libtiff/merge_requests/90 | DEBIAN:DSA-4608 | URL:https://www.debian.org/security/2020/dsa-4608 | DEBIAN:DSA-4670 | URL:https://www.debian.org/security/2020/dsa-4670 | FEDORA:FEDORA-2019-6eeff0f801 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADNPG7JJTRRK22GUVTAFH3GJ6WGKUZJB/ | FEDORA:FEDORA-2019-e45019c690 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63BVT6N5KQPHWOWM4B3I7Z3ODBXUVNPS/ | MISC:http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html | MLIST:[debian-lts-announce] 20190825 [SECURITY] [DLA 1897-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2019/08/msg00031.html | SUSE:openSUSE-SU-2020:1561 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00102.html | SUSE:openSUSE-SU-2020:1840 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00023.html",Assigned (20190812),"None (candidate not yet proposed)","" CVE-2019-15141,Candidate,"WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a 
denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.","MISC:https://github.com/ImageMagick/ImageMagick/issues/1560 | MISC:https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112 | SUSE:openSUSE-SU-2019:2515 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html | SUSE:openSUSE-SU-2019:2519 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html",Assigned (20190818),"None (candidate not yet proposed)","" CVE-2019-17546,Candidate,"tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a ""Negative-size-param"" condition.","BUGTRAQ:20200121 [SECURITY] [DSA 4608-1] tiff security update | URL:https://seclists.org/bugtraq/2020/Jan/32 | DEBIAN:DSA-4608 | URL:https://www.debian.org/security/2020/dsa-4608 | DEBIAN:DSA-4670 | URL:https://www.debian.org/security/2020/dsa-4670 | FEDORA:FEDORA-2020-2e9bd06377 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/ | FEDORA:FEDORA-2020-6f1209bb45 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/ | GENTOO:GLSA-202003-25 | URL:https://security.gentoo.org/glsa/202003-25 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443 | MISC:https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf | MISC:https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145 | MLIST:[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff 
security update | URL:https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html | MLIST:[debian-lts-announce] 20200318 [SECURITY] [DLA 2147-1] gdal security update | URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html",Assigned (20191014),"None (candidate not yet proposed)","" CVE-2019-6128,Candidate,"The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.","BUGTRAQ:20191104 [slackware-security] libtiff (SSA:2019-308-01) | URL:https://seclists.org/bugtraq/2019/Nov/5 | CONFIRM:https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8 | GENTOO:GLSA-202003-25 | URL:https://security.gentoo.org/glsa/202003-25 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2836 | MISC:http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html | MLIST:[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html | SUSE:openSUSE-SU-2019:1161 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html | UBUNTU:USN-3906-1 | URL:https://usn.ubuntu.com/3906-1/ | UBUNTU:USN-3906-2 | URL:https://usn.ubuntu.com/3906-2/",Assigned (20190110),"None (candidate not yet proposed)","" CVE-2019-7663,Candidate,"An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. 
This is different from CVE-2018-12900.","CONFIRM:https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39 | DEBIAN:DSA-4670 | URL:https://www.debian.org/security/2020/dsa-4670 | GENTOO:GLSA-202003-25 | URL:https://security.gentoo.org/glsa/202003-25 | MISC:http://bugzilla.maptools.org/show_bug.cgi?id=2833 | MLIST:[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html | SUSE:openSUSE-SU-2019:1161 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html | UBUNTU:USN-3906-1 | URL:https://usn.ubuntu.com/3906-1/ | UBUNTU:USN-3906-2 | URL:https://usn.ubuntu.com/3906-2/",Assigned (20190209),"None (candidate not yet proposed)","" CVE-2020-35521,Candidate,"A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1932034 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1932034",Assigned (20201217),"None (candidate not yet proposed)","" CVE-2020-35522,Candidate,"In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1932037 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1932037",Assigned (20201217),"None (candidate not yet proposed)","" CVE-2020-35523,Candidate,"An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.","DEBIAN:DSA-4869 | URL:https://www.debian.org/security/2021/dsa-4869 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1932040 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1932040 | MISC:https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 | URL:https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 | MISC:https://gitlab.com/libtiff/libtiff/-/merge_requests/160 | URL:https://gitlab.com/libtiff/libtiff/-/merge_requests/160",Assigned (20201217),"None (candidate not yet proposed)","" CVE-2020-35524,Candidate,"A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.","DEBIAN:DSA-4869 | URL:https://www.debian.org/security/2021/dsa-4869 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1932044 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1932044 | MISC:https://gitlab.com/libtiff/libtiff/-/merge_requests/159 | URL:https://gitlab.com/libtiff/libtiff/-/merge_requests/159 | MISC:https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22 | URL:https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22",Assigned (20201217),"None (candidate not yet proposed)","" CVE-2020-35654,Candidate,"In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.","FEDORA:FEDORA-2021-0ece308612 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/ | FEDORA:FEDORA-2021-15845d3abe | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/ | FEDORA:FEDORA-2021-880aa7bd27 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/ | FEDORA:FEDORA-2021-a8ddc1ce70 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/ | MISC:https://pillow.readthedocs.io/en/stable/releasenotes/index.html",Assigned (20201223),"None (candidate not yet proposed)","" CVE-2021-25289,Candidate,"An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.","MISC:https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html",Assigned (20210117),"None (candidate not yet proposed)","" CVE-1999-0317,Candidate,"Buffer overflow in Linux su command gives root access to local users.","BUGTRAQ:19990818 slackware-3.5 /bin/su buffer overflow | XF:su-bo",Modified (19991216)," ACCEPT(3) Frech, Hill, Northcutt | NOOP(1) Prosser | RECAST(1) Baker | REVIEWING(1) Christey","Christey> DUPE CVE-1999-0845? | Also, ADDREF XF:unixware-su-username-bo | A report summary by Aleph One states that nobody was able to | confirm this problem on any Linux distribution. | Baker> If this is the same as the unixware, then it is a dupe of 1999-0845. There is about a two and half month difference in the bugtraq reporting of these. | Sounds like the same bug however... | Christey> XF:su-bo no longer seems to exist. | How about XF:linux-subo(734) ? 
| http://xforce.iss.net/static/734.php | | BID:475 also seems to describe the same problem | (http://www.securityfocus.com/bid/475) in which case, | vsyslog is blamed in: | BUGTRAQ:19971220 Linux vsyslog() overflow | http://www.securityfocus.com/archive/1/8274" CVE-1999-0710,Entry,"The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.","BID:2059 | URL:http://www.securityfocus.com/bid/2059 | BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness | CONFIRM:http://www.redhat.com/support/errata/archives/rh52-errata-general.html#squid | DEBIAN:DSA-576 | URL:http://www.debian.org/security/2004/dsa-576 | FEDORA:FEDORA-2005-373 | URL:http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html | FEDORA:FLSA-2006:152809 | URL:http://fedoranews.org/updates/FEDORA--.shtml | REDHAT:RHSA-1999:025 | URL:http://www.redhat.com/support/errata/RHSA-1999-025.html | REDHAT:RHSA-2005:489 | URL:http://www.redhat.com/support/errata/RHSA-2005-489.html | XF:http-cgi-cachemgr(2385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2385",,"","" CVE-1999-1132,Entry,"Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.","BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS | URL:http://marc.info/?l=bugtraq&m=90763508011966&w=2 | MSKB:Q179157 | URL:http://support.microsoft.com/support/kb/articles/Q179/1/57.asp | NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS | URL:http://marc.info/?l=ntbugtraq&m=90760603030452&w=2 | XF:token-ring-dos(1399) | URL:http://www.iss.net/security_center/static/1399.php",,"","" CVE-1999-1284,Entry,"NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port 
(1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection.","BUGTRAQ:19981105 various *lame* DoS attacks | URL:http://www.securityfocus.com/archive/1/11131 | BUGTRAQ:19981107 Re: various *lame* DoS attacks | URL:http://marc.info/?l=bugtraq&m=91063407332594&w=2 | MISC:http://www.dynamsol.com/puppet/text/new.txt | XF:nukenabber-timeout-dos(1540) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1540",,"","" CVE-2000-0642,Entry,"The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.","BID:1497 | URL:http://www.securityfocus.com/bid/1497 | BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server | URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org | XF:webactive-active-log(5184) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5184",,"","" CVE-2000-0643,Entry,"Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.","BID:1470 | URL:http://www.securityfocus.com/bid/1470 | BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server | URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org | XF:webactive-long-get-dos(4949) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4949",,"","" CVE-2002-0980,Candidate,"The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.","BID:5473 | URL:http://www.securityfocus.com/bid/5473 | BUGTRAQ:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0 | URL:http://marc.info/?l=bugtraq&m=102942234427691&w=2 | 
MS:MS03-014 | URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-014 | NTBUGTRAQ:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0 | URL:http://marc.info/?l=ntbugtraq&m=102937705527922&w=2 | VULN-DEV:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0 | URL:http://marc.info/?l=vuln-dev&m=102943486811091&w=2 | XF:ie-webfolder-script-injection(9881) | URL:http://www.iss.net/security_center/static/9881.php",Modified (20050609)," ACCEPT(1) Baker | MODIFY(1) Frech | NOOP(5) Armstrong, Christey, Cole, Cox, Foat | REVIEWING(1) Wall","Christey> ADDREF MS:MS03-014 | URL:http://www.microsoft.com/technet/security/bulletin/ms03-014.asp | (it explicitly mentions this CAN). | | Note: MS03-014 places the blame on Outlook, not IE. | Frech> XF:ie-webfolder-script-injection(9881) | Christey> MS:MS03-014 | URL:http://www.microsoft.com/technet/security/bulletin/ms03-014.asp | | The following Bugtraq post appears to involve a different | attack vector than is currently described: | | BUGTRAQ:20030225 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II | URL:http://www.securityfocus.com/archive/1/313174 | | *** FROM THE CVE PERSPECTIVE, THERE IS INSUFFICIENT PUBLIC | *** INFORMATION TO BE CERTAIN WHETHER THE ABOVE POST IS TRULY | *** ADDRESSED BY MS:MS03-014 OR NOT. THEREFORE IT IS NOT | *** CERTAIN WHETHER THE ABOVE REFERENCE SHOULD BE ADDED TO | *** THIS ENTRY OR NOT. | | The exploit from this Bugtraq post is being used in the | ""W32/Mimail@MM"" mail worm of July/August 2003. 
| | Also see: http://www.microsoft.com/security/incident/mimail.asp | | Also see: http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.html" CVE-2003-0154,Candidate,"Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.","BID:5516 | URL:http://www.securityfocus.com/bid/5516 | BUGTRAQ:20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities | URL:http://marc.info/?l=bugtraq&m=102980129101054&w=2 | CONFIRM:http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view | CONFIRM:http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view | CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163573 | DEBIAN:DSA-265 | URL:http://www.debian.org/security/2003/dsa-265 | MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=146244 | XF:bonsai-error-message-xss(9920) | URL:http://www.iss.net/security_center/static/9920.php",Assigned (20030319),"None (candidate not yet proposed)","" CVE-2003-0793,Candidate,"GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).","BID:8846 | URL:http://www.securityfocus.com/bid/8846 | CONECTIVA:CLA-2003:766 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 | CONFIRM:http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome | MANDRAKE:MDKSA-2003:100 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 | XF:gdm-dos(13447) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/13447",Assigned (20030917),"None (candidate not yet proposed)","" 
CVE-2003-0794,Candidate,"GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.","BID:8846 | URL:http://www.securityfocus.com/bid/8846 | CONECTIVA:CLA-2003:766 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 | CONFIRM:http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome | MANDRAKE:MDKSA-2003:100 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 | XF:gdm-command-dos(13448) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/13448",Assigned (20030917),"None (candidate not yet proposed)","" CVE-2004-0749,Candidate,"The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.","BID:11243 | URL:http://www.securityfocus.com/bid/11243 | CONFIRM:http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt | FEDORA:FEDORA-2004-318 | URL:http://fedoranews.org/updates/FEDORA-2004-318.shtml | GENTOO:GLSA-200409-35 | URL:http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml | XF:subversion-information-disclosure(17472) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17472",Assigned (20040726),"None (candidate not yet proposed)","" CVE-2005-4028,Candidate,"Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_login parameter to sendpass.php and (2) login parameter to member.php.","OSVDB:21012 | URL:http://www.osvdb.org/21012 | OSVDB:21013 | URL:http://www.osvdb.org/21013 | SECTRACK:1015208 | URL:http://securitytracker.com/id?1015208",Assigned (20051205),"None 
(candidate not yet proposed)","" CVE-2005-4581,Candidate,"Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.","BUGTRAQ:20051223 Electric Sheep window-id stack overflow | URL:http://www.securityfocus.com/archive/1/420160/100/0/threaded | CONFIRM:http://draves.org/HyperNews/get.cgi/flame/1478.html | CONFIRM:http://draves.org/HyperNews/get.cgi/flame/1478/1.html | CONFIRM:http://electricsheep.org/index.cgi?&menu=talk | MISC:http://electricsheep.org/release_notes.html | XF:electric-sheep-windowid-bo(23893) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/23893",Assigned (20051229),"None (candidate not yet proposed)","" CVE-2006-3086,Candidate,"Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka ""Hyperlink COM Object Buffer Overflow Vulnerability."" NOTE: this is a different issue than CVE-2006-3059.","BID:18500 | URL:http://www.securityfocus.com/bid/18500 | BUGTRAQ:20060622 MS Excel Remote Code Execution POC Exploit | URL:http://www.securityfocus.com/archive/1/438057/100/0/threaded | BUGTRAQ:20060622 RE: MS Excel Remote Code Execution POC Exploit | URL:http://www.securityfocus.com/archive/1/438093/100/0/threaded | BUGTRAQ:20060622 Re: MS Excel Remote Code Execution POC Exploit | URL:http://www.securityfocus.com/archive/1/438096/100/0/threaded | BUGTRAQ:20060623 Re: MS Excel Remote Code Execution POC Exploit | URL:http://www.securityfocus.com/archive/1/438373/100/0/threaded | BUGTRAQ:20060623 Re: Re: MS Excel 
Remote Code Execution POC Exploit | URL:http://www.securityfocus.com/archive/1/438156/100/0/threaded | BUGTRAQ:20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability | URL:http://www.securityfocus.com/archive/1/442724/100/0/threaded | CERT-VN:VU#394444 | URL:http://www.kb.cert.org/vuls/id/394444 | EXPLOIT-DB:1927 | FULLDISC:20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow | URL:http://marc.info/?l=full-disclosure&m=115067840426070&w=2 | MISC:http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx | MISC:http://www.tippingpoint.com/security/advisories/TSRT-06-10.html | MS:MS06-050 | URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050 | OSVDB:26666 | URL:http://www.osvdb.org/26666 | OVAL:oval:org.mitre.oval:def:999 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999 | SECTRACK:1016339 | URL:http://securitytracker.com/id?1016339 | SECUNIA:20748 | URL:http://secunia.com/advisories/20748 | VUPEN:ADV-2006-2431 | URL:http://www.vupen.com/english/advisories/2006/2431 | XF:excel-hlink-bo(27224) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/27224",Assigned (20060619),"None (candidate not yet proposed)","" CVE-2006-5550,Candidate,"The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.","BID:20713 | URL:http://www.securityfocus.com/bid/20713 | MISC:http://elegerov.blogspot.com/2006/10/here-is-lame-proof-of-concept-code-for.html | SECUNIA:22543 | URL:http://secunia.com/advisories/22543",Assigned (20061026),"None (candidate not yet proposed)","" CVE-2007-4429,Candidate,"Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a ""call to a specific number."" NOTE: this identifier is 
for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the ""sign-on issues"" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem.","BUGTRAQ:20070817 Skype Network Remote DoS Exploit | URL:http://www.securityfocus.com/archive/1/476942/100/0/threaded | BUGTRAQ:20070820 RE: Skype Network Remote DoS Exploit | URL:http://www.securityfocus.com/archive/1/477178/100/0/threaded | BUGTRAQ:20070820 Re: Skype Network Remote DoS Exploit | URL:http://www.securityfocus.com/archive/1/477156/100/0/threaded | BUGTRAQ:20070820 Re[2]: Skype Network Remote DoS Exploit | URL:http://www.securityfocus.com/archive/1/477240/100/0/threaded | MISC:http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates | MISC:http://en.securitylab.ru/poc/301420.php | MISC:http://en.securitylab.ru/poc/extra/301419.php | MISC:http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html | MISC:http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html | MISC:http://www.securitylab.ru/news/301422.php | SREASON:3032 | URL:http://securityreason.com/securityalert/3032",Assigned (20070820),"None (candidate not yet proposed)","" CVE-2008-5141,Candidate,"flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.","BID:32386 | URL:http://www.securityfocus.com/bid/32386 | DEBIAN:DSA-1676 | URL:http://www.debian.org/security/2008/dsa-1676 | MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506350 | MLIST:[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages | URL:http://lists.debian.org/debian-devel/2008/08/msg00285.html | SECUNIA:32891 | URL:http://secunia.com/advisories/32891 | SECUNIA:32961 | URL:http://secunia.com/advisories/32961 | 
XF:flamethrower-flamethrower-symlink(46717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46717",Assigned (20081118),"None (candidate not yet proposed)","" CVE-2009-1848,Candidate,"SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php.","BID:35118 | URL:http://www.securityfocus.com/bid/35118 | EXPLOIT-DB:8814 | URL:https://www.exploit-db.com/exploits/8814",Assigned (20090601),"None (candidate not yet proposed)","" CVE-2010-1600,Candidate,"SQL injection vulnerability in the Media Mall Factory (com_mediamall) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.","BID:39488 | URL:http://www.securityfocus.com/bid/39488 | CONFIRM:http://www.thefactory.ro/shop/joomla-components/media-mall.html | EXPLOIT-DB:12234 | URL:http://www.exploit-db.com/exploits/12234 | MISC:http://www.packetstormsecurity.com/1004-exploits/joomlamediamallfactory-bsql.txt | OSVDB:63940 | URL:http://www.osvdb.org/63940 | SECUNIA:39546 | URL:http://secunia.com/advisories/39546 | XF:mediamall-category-sql-injection(57906) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/57906",Assigned (20100429),"None (candidate not yet proposed)","" CVE-2010-2621,Candidate,"The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.","BID:41250 | URL:http://www.securityfocus.com/bid/41250 | CONFIRM:http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597 | MISC:http://aluigi.org/adv/qtsslame-adv.txt | MISC:http://aluigi.org/poc/qtsslame.zip | OSVDB:65860 | URL:http://osvdb.org/65860 | SECUNIA:40389 | URL:http://secunia.com/advisories/40389 | SECUNIA:46410 | 
URL:http://secunia.com/advisories/46410 | SUSE:SUSE-SU-2011:1113 | URL:https://hermes.opensuse.org/messages/12056605 | VUPEN:ADV-2010-1657 | URL:http://www.vupen.com/english/advisories/2010/1657",Assigned (20100702),"None (candidate not yet proposed)","" CVE-2010-4644,Candidate,"Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.","BID:45655 | URL:http://www.securityfocus.com/bid/45655 | CONFIRM:http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES | CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1032808 | FEDORA:FEDORA-2011-0099 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html | MANDRIVA:MDVSA-2011:006 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:006 | MLIST:[dev] 20101104 ""svn blame -g"" causing svnserve to hang & mem usage to hit 2GB | URL:http://svn.haxx.se/dev/archive-2010-11/0102.shtml | MLIST:[oss-security] 20110102 CVE request for subversion | URL:http://openwall.com/lists/oss-security/2011/01/02/1 | MLIST:[oss-security] 20110104 Re: CVE request for subversion | URL:http://openwall.com/lists/oss-security/2011/01/04/10 | MLIST:[oss-security] 20110104 Re: CVE request for subversion | URL:http://openwall.com/lists/oss-security/2011/01/04/8 | MLIST:[oss-security] 20110105 Re: CVE request for subversion | URL:http://openwall.com/lists/oss-security/2011/01/05/4 | MLIST:[subversion-users] 20101104 svnserve.exe (Win32) using 2GB of memory and then crashing? 
| URL:http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203@thepond.com%3E | MLIST:[www-announce] 20101124 Apache Subversion 1.6.15 Released | URL:http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt@mail.gmail.com%3E | REDHAT:RHSA-2011:0257 | URL:http://www.redhat.com/support/errata/RHSA-2011-0257.html | REDHAT:RHSA-2011:0258 | URL:http://www.redhat.com/support/errata/RHSA-2011-0258.html | SECTRACK:1024935 | URL:http://www.securitytracker.com/id?1024935 | SECUNIA:42780 | URL:http://secunia.com/advisories/42780 | SECUNIA:42969 | URL:http://secunia.com/advisories/42969 | SECUNIA:43115 | URL:http://secunia.com/advisories/43115 | SECUNIA:43139 | URL:http://secunia.com/advisories/43139 | SECUNIA:43346 | URL:http://secunia.com/advisories/43346 | SUSE:SUSE-SR:2011:005 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html | UBUNTU:USN-1053-1 | URL:http://www.ubuntu.com/usn/USN-1053-1 | VUPEN:ADV-2011-0015 | URL:http://www.vupen.com/english/advisories/2011/0015 | VUPEN:ADV-2011-0103 | URL:http://www.vupen.com/english/advisories/2011/0103 | VUPEN:ADV-2011-0162 | URL:http://www.vupen.com/english/advisories/2011/0162 | VUPEN:ADV-2011-0264 | URL:http://www.vupen.com/english/advisories/2011/0264 | XF:subversion-blameg-dos(64473) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64473",Assigned (20110103),"None (candidate not yet proposed)","" CVE-2011-5112,Candidate,"SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.","CONFIRM:http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=7:security-releases&catid=5:security-releases&Itemid=28 | EXPLOIT-DB:18058 | URL:http://www.exploit-db.com/exploits/18058",Assigned (20120823),"None (candidate not yet proposed)","" CVE-2012-5619,Candidate,"The Sleuth Kit (TSK) 4.0.1 does not properly handle ""."" (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.","CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=883330 | FEDORA:FEDORA-2013-0320 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097289.html | FEDORA:FEDORA-2013-0336 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097293.html | MANDRIVA:MDVSA-2013:125 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:125 | MISC:http://labs.bitdefender.com/2012/06/flame-the-story-of-leaked-data-carried-by-human-vector/ | MLIST:[oss-security] 20121201 CVE request: TSK misrepresents ""."" files on FAT filesystems | URL:http://www.openwall.com/lists/oss-security/2012/12/01/2 | MLIST:[oss-security] 20121203 Re: CVE request: TSK misrepresents ""."" files on FAT filesystems | URL:http://www.openwall.com/lists/oss-security/2012/12/04/2",Assigned (20121024),"None (candidate not yet proposed)","" CVE-2014-2913,Candidate,"** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. 
It has been reported that the vendor allows newlines as ""expected behavior."" Also, this issue can only occur when the administrator enables the ""dont_blame_nrpe"" option in nrpe.conf despite the ""HIGH security risk"" warning within the comments.","BID:66969 | URL:http://www.securityfocus.com/bid/66969 | FEDORA:FEDORA-2015-15398 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html | FULLDISC:20140417 NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution | URL:http://seclists.org/fulldisclosure/2014/Apr/240 | FULLDISC:20140418 Re: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution | URL:http://seclists.org/fulldisclosure/2014/Apr/242 | MLIST:[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution | URL:http://seclists.org/oss-sec/2014/q2/154 | MLIST:[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution | URL:http://seclists.org/oss-sec/2014/q2/155 | SUSE:SUSE-SU-2014:0682 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00011.html | SUSE:openSUSE-SU-2014:0594 | URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html | SUSE:openSUSE-SU-2014:0603 | URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00014.html",Assigned (20140418),"None (candidate not yet proposed)","" CVE-2014-4511,Candidate,"Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.","CONFIRM:https://groups.google.com/forum/#!topic/gitlist/Hw_KdZfA4js | EXPLOIT-DB:33929 | URL:http://www.exploit-db.com/exploits/33929 | EXPLOIT-DB:33990 | URL:http://www.exploit-db.com/exploits/33990 | MISC:http://hatriot.github.io/blog/2014/06/29/gitlist-rce/ | 
MISC:http://packetstormsecurity.com/files/127281/Gitlist-0.4.0-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/127364/Gitlist-Unauthenticated-Remote-Command-Execution.html",Assigned (20140622),"None (candidate not yet proposed)","" CVE-2014-5644,Candidate,"The Brightest LED Flashlight (aka com.intellectualflame.ledflashlight.washer) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.","CERT-VN:VU#272385 | URL:http://www.kb.cert.org/vuls/id/272385 | CERT-VN:VU#582497 | URL:http://www.kb.cert.org/vuls/id/582497 | MISC:https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",Assigned (20140830),"None (candidate not yet proposed)","" CVE-2014-9390,Candidate,"Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.","MISC:http://article.gmane.org/gmane.linux.kernel/1853266 | MISC:http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html | MISC:http://mercurial.selenic.com/wiki/WhatsNew | MISC:http://securitytracker.com/id?1031404 | MISC:http://support.apple.com/kb/HT204147 | MISC:https://github.com/blog/1938-git-client-vulnerability-announced | MISC:https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915 | MISC:https://libgit2.org/security/ | 
MISC:https://news.ycombinator.com/item?id=8769667",Assigned (20141217),"None (candidate not yet proposed)","" CVE-2015-9099,Candidate,"The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.","BID:99279 | URL:http://www.securityfocus.com/bid/99279 | MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2015-9100,Candidate,"The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.","BID:99278 | URL:http://www.securityfocus.com/bid/99278 | MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777160",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2015-9101,Candidate,"The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.","BID:99269 | URL:http://www.securityfocus.com/bid/99269 | MISC:https://blogs.gentoo.org/ago/2017/06/17/lame-heap-based-buffer-overflow-in-fill_buffer_resample-util-c/ | MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777161 | MISC:https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2015-9101",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2017-11720,Candidate,"There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.","MISC:https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/ | MISC:https://bugs.debian.org/777159 | MISC:https://sourceforge.net/p/lame/bugs/460/",Assigned (20170727),"None (candidate not yet proposed)","" 
CVE-2017-13712,Candidate,"NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.","BID:100525 | URL:http://www.securityfocus.com/bid/100525 | MISC:https://sourceforge.net/p/lame/bugs/472/",Assigned (20170828),"None (candidate not yet proposed)","" CVE-2017-15018,Candidate,"LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c.","MISC:https://sourceforge.net/p/lame/bugs/480/",Assigned (20171003),"None (candidate not yet proposed)","" CVE-2017-15019,Candidate,"LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.","MISC:https://sourceforge.net/p/lame/bugs/477/",Assigned (20171003),"None (candidate not yet proposed)","" CVE-2017-15045,Candidate,"LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410.","MISC:https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-15045 | MISC:https://sourceforge.net/p/lame/bugs/478/",Assigned (20171005),"None (candidate not yet proposed)","" CVE-2017-15046,Candidate,"LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.","MISC:https://sourceforge.net/p/lame/bugs/479/",Assigned (20171005),"None (candidate not yet proposed)","" CVE-2017-8419,Candidate,"LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based 
buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.","MISC:https://sourceforge.net/p/lame/bugs/458/",Assigned (20170502),"None (candidate not yet proposed)","" CVE-2017-9412,Candidate,"The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.","EXPLOIT-DB:42390 | URL:https://www.exploit-db.com/exploits/42390/ | MISC:http://seclists.org/fulldisclosure/2017/Jul/63",Assigned (20170602),"None (candidate not yet proposed)","" CVE-2017-9869,Candidate,"The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.","BID:99272 | URL:http://www.securityfocus.com/bid/99272 | EXPLOIT-DB:42258 | URL:https://www.exploit-db.com/exploits/42258/ | MISC:https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2017-9870,Candidate,"The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the ""block_type == 2"" case, a similar issue to CVE-2017-11126.","BID:99287 | URL:http://www.securityfocus.com/bid/99287 | MISC:https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-iii_i_stereo-layer3-c/",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2017-9871,Candidate,"The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or 
possibly have unspecified other impact via a crafted audio file.","BID:99289 | URL:http://www.securityfocus.com/bid/99289 | MISC:https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2017-9872,Candidate,"The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.","BID:99270 | URL:http://www.securityfocus.com/bid/99270 | EXPLOIT-DB:42259 | URL:https://www.exploit-db.com/exploits/42259/ | MISC:https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2019-10807,Candidate,"Blamer versions prior to 1.0.1 allows execution of arbitrary commands. 
It is possible to inject arbitrary commands as part of the arguments provided to blamer.","MISC:https://github.com/kucherenko/blamer/commit/5fada8c9b6986ecd28942b724fa682e77ce1e11c, | MISC:https://snyk.io/vuln/SNYK-JS-BLAMER-559541",Assigned (20190403),"None (candidate not yet proposed)","" CVE-2019-11556,Candidate,"Pagure before 5.6 allows XSS via the templates/blame.html blame view.","CONFIRM:https://docs.pagure.org/pagure/changelog.html | CONFIRM:https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618 | MISC:https://pagure.io/pagure/commits/master | SUSE:openSUSE-SU-2020:1765 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html | SUSE:openSUSE-SU-2020:1810 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html",Assigned (20190426),"None (candidate not yet proposed)","" CVE-2019-16309,Candidate,"FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.","MISC:http://www.iwantacve.cn/index.php/archives/317/",Assigned (20190914),"None (candidate not yet proposed)","" CVE-2020-0261,Candidate,"In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-146059841","MISC:https://source.android.com/security/bulletin/pixel/2020-08-01 | URL:https://source.android.com/security/bulletin/pixel/2020-08-01",Assigned (20191017),"None (candidate not yet proposed)","" CVE-2020-29651,Candidate,"A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.","FEDORA:FEDORA-2020-8371993b6b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/ | FEDORA:FEDORA-2020-db0eb54982 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4/ | MISC:https://github.com/pytest-dev/py/issues/256 | MISC:https://github.com/pytest-dev/py/pull/257 | MISC:https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144",Assigned (20201209),"None (candidate not yet proposed)","" CVE-2020-8137,Candidate,"Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.","MISC:https://hackerone.com/reports/772448",Assigned (20200128),"None (candidate not yet proposed)","" CVE-2017-12911,Candidate,"The ""apetag.c"" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file.","MISC:https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU | SUSE:openSUSE-SU-2020:0522 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00025.html | SUSE:openSUSE-SU-2020:0539 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00030.html",Assigned (20170817),"None (candidate not yet proposed)","" CVE-2017-12912,Candidate,"The
""mpglibDBL/layer3.c"" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file.","MISC:https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU",Assigned (20170817),"None (candidate not yet proposed)","" CVE-2017-14406,Candidate,"A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.","MISC:https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/",Assigned (20170912),"None (candidate not yet proposed)","" CVE-2017-14407,Candidate,"A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.","MISC:https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-filteryule-gain_analysis-c/",Assigned (20170912),"None (candidate not yet proposed)","" CVE-2017-14408,Candidate,"A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.","MISC:https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/",Assigned (20170912),"None (candidate not yet proposed)","" CVE-2017-14409,Candidate,"A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. 
The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.","MISC:https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/",Assigned (20170912),"None (candidate not yet proposed)","" CVE-2017-14410,Candidate,"A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.","MISC:https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/",Assigned (20170912),"None (candidate not yet proposed)","" CVE-2017-14411,Candidate,"A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.","MISC:https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-copy_mp-mpglibdblinterface-c/",Assigned (20170912),"None (candidate not yet proposed)","" CVE-2017-14412,Candidate,"An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. 
The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact.","MISC:https://blogs.gentoo.org/ago/2017/09/08/mp3gain-invalid-memory-write-in-copy_mp-mpglibdblinterface-c/",Assigned (20170912),"None (candidate not yet proposed)","" CVE-2018-10776,Candidate,"The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact.","MISC:https://docs.google.com/document/d/1gkHfRWO9f-FTBhZ3ZT3RMZZ_JbJ18ZIkH2GlVTV35cQ/edit",Assigned (20180506),"None (candidate not yet proposed)","" CVE-2018-10777,Candidate,"Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.","MISC:https://docs.google.com/document/d/11Ms9j82hpH8iA0oc4QH0qUG6gq-ZOiqI0YroAFMrcD8/edit",Assigned (20180506),"None (candidate not yet proposed)","" CVE-2018-10778,Candidate,"Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409.","MISC:https://docs.google.com/document/d/11qVnW4frI-9PGRVkSOGb9IaF3ylzrc32bJXyO1OsfQM/edit",Assigned (20180506),"None (candidate not yet proposed)","" CVE-2019-18359,Candidate,"A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. 
The vulnerability causes an application crash, which leads to remote denial of service.","MISC:https://sourceforge.net/p/mp3gain/bugs/46/ | SUSE:openSUSE-SU-2020:0522 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00025.html | SUSE:openSUSE-SU-2020:0539 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00030.html",Assigned (20191023),"None (candidate not yet proposed)","" CVE-2010-1516,Candidate,"Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c.","BUGTRAQ:20100813 Secunia Research: SWFTools Two Integer Overflow Vulnerabilities | URL:http://www.securityfocus.com/archive/1/513102/100/0/threaded | GENTOO:GLSA-201204-05 | URL:http://security.gentoo.org/glsa/glsa-201204-05.xml | MISC:http://secunia.com/secunia_research/2010-80/ | SECUNIA:39970 | URL:http://secunia.com/advisories/39970 | SECUNIA:48821 | URL:http://secunia.com/advisories/48821",Assigned (20100426),"None (candidate not yet proposed)","" CVE-2017-1000174,Candidate,"In SWFTools, an address access exception was found in swfdump swf_GetBits().","MISC:https://github.com/matthiaskramm/swftools/issues/21",Assigned (20171116),"None (candidate not yet proposed)","" CVE-2017-1000176,Candidate,"In SWFTools, a memcpy buffer overflow was found in swfc.","MISC:https://github.com/matthiaskramm/swftools/issues/23",Assigned (20171116),"None (candidate not yet proposed)","" CVE-2017-1000182,Candidate,"In SWFTools, a memory leak was found in wav2swf.","MISC:https://github.com/matthiaskramm/swftools/issues/30",Assigned (20171116),"None (candidate not yet proposed)","" CVE-2017-1000185,Candidate,"In SWFTools, a memcpy buffer overflow was found in gif2swf.","MISC:https://github.com/matthiaskramm/swftools/issues/33",Assigned (20171116),"None (candidate not yet proposed)","" 
CVE-2017-1000186,Candidate,"In SWFTools, a stack overflow was found in pdf2swf.","MISC:https://github.com/matthiaskramm/swftools/issues/34",Assigned (20171116),"None (candidate not yet proposed)","" CVE-2017-1000187,Candidate,"In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()","MISC:https://github.com/matthiaskramm/swftools/issues/36",Assigned (20171116),"None (candidate not yet proposed)","" CVE-2017-10976,Candidate,"When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c.","MISC:https://github.com/matthiaskramm/swftools/issues/28",Assigned (20170706),"None (candidate not yet proposed)","" CVE-2017-11096,Candidate,"When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.","MISC:https://github.com/matthiaskramm/swftools/issues/25",Assigned (20170707),"None (candidate not yet proposed)","" CVE-2017-11097,Candidate,"When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.","MISC:https://github.com/matthiaskramm/swftools/issues/24",Assigned (20170707),"None (candidate not yet proposed)","" CVE-2017-11098,Candidate,"When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.","MISC:https://github.com/matthiaskramm/swftools/issues/32",Assigned (20170707),"None (candidate not yet proposed)","" CVE-2017-11099,Candidate,"When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.","MISC:https://github.com/matthiaskramm/swftools/issues/31",Assigned (20170707),"None (candidate not yet proposed)","" CVE-2017-11100,Candidate,"When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL 
Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.","MISC:https://github.com/matthiaskramm/swftools/issues/27",Assigned (20170707),"None (candidate not yet proposed)","" CVE-2017-11101,Candidate,"When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.","MISC:https://github.com/matthiaskramm/swftools/issues/26",Assigned (20170707),"None (candidate not yet proposed)","" CVE-2017-16711,Candidate,"The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.","BID:101797 | URL:http://www.securityfocus.com/bid/101797 | MISC:https://github.com/matthiaskramm/swftools/issues/46",Assigned (20171109),"None (candidate not yet proposed)","" CVE-2017-16793,Candidate,"The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.","MISC:https://github.com/matthiaskramm/swftools/issues/47",Assigned (20171111),"None (candidate not yet proposed)","" CVE-2017-16794,Candidate,"The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.","MISC:https://github.com/matthiaskramm/swftools/issues/50",Assigned (20171111),"None (candidate not yet proposed)","" 
CVE-2017-16796,Candidate,"In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.","MISC:https://github.com/matthiaskramm/swftools/issues/51",Assigned (20171112),"None (candidate not yet proposed)","" CVE-2017-16797,Candidate,"In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file.","MISC:https://github.com/matthiaskramm/swftools/issues/51",Assigned (20171112),"None (candidate not yet proposed)","" CVE-2017-16868,Candidate,"In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.","MISC:https://github.com/matthiaskramm/swftools/issues/52",Assigned (20171117),"None (candidate not yet proposed)","" CVE-2017-16890,Candidate,"SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.","MISC:https://github.com/matthiaskramm/swftools/issues/57",Assigned (20171119),"None (candidate not yet proposed)","" CVE-2017-7698,Candidate,"A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf 3.02.","CONFIRM:https://github.com/matthiaskramm/swftools/pull/19",Assigned (20170411),"None (candidate not yet proposed)","" CVE-2017-8400,Candidate,"In SWFTools 0.9.2, an 
out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution.","CONFIRM:https://github.com/matthiaskramm/swftools/issues/13",Assigned (20170501),"None (candidate not yet proposed)","" CVE-2017-8401,Candidate,"In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.","CONFIRM:https://github.com/matthiaskramm/swftools/issues/14",Assigned (20170501),"None (candidate not yet proposed)","" CVE-2017-8420,Candidate,"SWFTools 2013-04-09-1007 on Windows has a ""Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71"" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. 
Attackers could exploit this issue for DoS (Access Violation).","MISC:https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8420",Assigned (20170502),"None (candidate not yet proposed)","" CVE-2017-9924,Candidate,"In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a ""User Mode Write AV starting at image00000000_00400000+0x000000000001b72a.""","MISC:https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9924",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2017-9925,Candidate,"In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a ""User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.""","MISC:https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9925",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2017-9926,Candidate,"In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a ""Read Access Violation starting at image00000000_00400000+0x000000000001b596.""","MISC:https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9926",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2017-9927,Candidate,"In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a ""Read Access Violation starting at image00000000_00400000+0x000000000001b5fe.""","MISC:https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9927",Assigned (20170625),"None (candidate not yet proposed)","" CVE-2005-4048,Candidate,"Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 
and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.","BID:15743 | URL:http://www.securityfocus.com/bid/15743 | CONFIRM:http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup | CONFIRM:http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg | CONFIRM:http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg | DEBIAN:DSA-1004 | URL:http://www.debian.org/security/2006/dsa-1004 | DEBIAN:DSA-1005 | URL:http://www.debian.org/security/2006/dsa-1005 | DEBIAN:DSA-992 | URL:http://www.us.debian.org/security/2006/dsa-992 | GENTOO:GLSA-200601-06 | URL:http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml | GENTOO:GLSA-200602-01 | URL:http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml | GENTOO:GLSA-200603-03 | URL:http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml | MANDRIVA:MDKSA-2005:228 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:228 | MANDRIVA:MDKSA-2005:229 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:229 | MANDRIVA:MDKSA-2005:230 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:230 | MANDRIVA:MDKSA-2005:231 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:231 | MANDRIVA:MDKSA-2005:232 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:232 | MISC:http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 | SECUNIA:17892 | URL:http://secunia.com/advisories/17892 | SECUNIA:18066 | URL:http://secunia.com/advisories/18066 | SECUNIA:18087 | URL:http://secunia.com/advisories/18087 | SECUNIA:18107 | URL:http://secunia.com/advisories/18107 | SECUNIA:18400 | URL:http://secunia.com/advisories/18400 | SECUNIA:18739 | URL:http://secunia.com/advisories/18739 | SECUNIA:18746 | 
URL:http://secunia.com/advisories/18746 | SECUNIA:19114 | URL:http://secunia.com/advisories/19114 | SECUNIA:19192 | URL:http://secunia.com/advisories/19192 | SECUNIA:19272 | URL:http://secunia.com/advisories/19272 | SECUNIA:19279 | URL:http://secunia.com/advisories/19279 | UBUNTU:USN-230-1 | URL:https://usn.ubuntu.com/230-1/ | UBUNTU:USN-230-2 | URL:https://usn.ubuntu.com/230-2/ | VUPEN:ADV-2005-2770 | URL:http://www.vupen.com/english/advisories/2005/2770",Assigned (20051207),"None (candidate not yet proposed)","" CVE-2006-4799,Candidate,"Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and ""bad indexes"", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.","CONFIRM:http://xinehq.de/index.php/news | DEBIAN:DSA-1215 | URL:http://www.us.debian.org/security/2006/dsa-1215 | GENTOO:GLSA-200609-09 | URL:http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml | SECUNIA:22230 | URL:http://secunia.com/advisories/22230 | SECUNIA:23010 | URL:http://secunia.com/advisories/23010 | SECUNIA:23213 | URL:http://secunia.com/advisories/23213 | SUSE:SUSE-SA:2006:073 | URL:http://www.novell.com/linux/security/advisories/2006_73_mono.html | UBUNTU:USN-358-1 | URL:http://www.ubuntu.com/usn/usn-358-1",Assigned (20060914),"None (candidate not yet proposed)","" CVE-2006-4800,Candidate,"Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. 
NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.","BID:20009 | URL:http://www.securityfocus.com/bid/20009 | DEBIAN:DSA-1215 | URL:http://www.us.debian.org/security/2006/dsa-1215 | GENTOO:GLSA-200609-09 | URL:http://security.gentoo.org/glsa/glsa-200609-09.xml | MANDRIVA:MDKSA-2006:173 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:173 | MANDRIVA:MDKSA-2006:174 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:174 | MANDRIVA:MDKSA-2006:175 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:175 | MANDRIVA:MDKSA-2006:176 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:176 | MISC:http://bugs.gentoo.org/show_bug.cgi?id=133520 | SECUNIA:21921 | URL:http://secunia.com/advisories/21921 | SECUNIA:22180 | URL:http://secunia.com/advisories/22180 | SECUNIA:22181 | URL:http://secunia.com/advisories/22181 | SECUNIA:22182 | URL:http://secunia.com/advisories/22182 | SECUNIA:22198 | URL:http://secunia.com/advisories/22198 | SECUNIA:22200 | URL:http://secunia.com/advisories/22200 | SECUNIA:22201 | URL:http://secunia.com/advisories/22201 | SECUNIA:22202 | URL:http://secunia.com/advisories/22202 | SECUNIA:22203 | URL:http://secunia.com/advisories/22203 | SECUNIA:22230 | URL:http://secunia.com/advisories/22230 | SECUNIA:23010 | URL:http://secunia.com/advisories/23010 | SECUNIA:23213 | URL:http://secunia.com/advisories/23213 | SUSE:SUSE-SA:2006:073 | URL:http://www.novell.com/linux/security/advisories/2006_73_mono.html | UBUNTU:USN-358-1 | URL:http://www.ubuntu.com/usn/usn-358-1",Assigned (20060914),"None (candidate not yet proposed)","" CVE-2008-3162,Candidate,"Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.","BID:30154 | 
URL:http://www.securityfocus.com/bid/30154 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489965 | CONFIRM:http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993 | CONFIRM:https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311 | DEBIAN:DSA-1781 | URL:http://www.debian.org/security/2009/dsa-1781 | GENTOO:GLSA-200903-33 | URL:http://security.gentoo.org/glsa/glsa-200903-33.xml | MANDRIVA:MDVSA-2008:157 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:157 | MLIST:[oss-security] 20080710 CVE id request: libavformat | URL:http://www.openwall.com/lists/oss-security/2008/07/09/9 | MLIST:[oss-security] 20080716 Re: CVE id request: libavformat | URL:http://www.openwall.com/lists/oss-security/2008/07/16/4 | SECUNIA:30994 | URL:http://secunia.com/advisories/30994 | SECUNIA:31268 | URL:http://secunia.com/advisories/31268 | SECUNIA:34385 | URL:http://secunia.com/advisories/34385 | SECUNIA:34905 | URL:http://secunia.com/advisories/34905 | UBUNTU:USN-630-1 | URL:http://www.ubuntu.com/usn/usn-630-1 | VUPEN:ADV-2008-2031 | URL:http://www.vupen.com/english/advisories/2008/2031/references",Assigned (20080714),"None (candidate not yet proposed)","" CVE-2008-3230,Candidate,"The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif.","BID:31234 | URL:http://www.securityfocus.com/bid/31234 | CONFIRM:http://bugzilla.gnome.org/show_bug.cgi?id=542643 | MANDRIVA:MDVSA-2009:297 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 | MISC:https://roundup.mplayerhq.hu/roundup/ffmpeg/issue530 | MLIST:[oss-security] 20080713 CVE requests: crashers by zzuf | URL:http://www.openwall.com/lists/oss-security/2008/07/13/3 | SECUNIA:31899 | URL:http://secunia.com/advisories/31899 | XF:ffmpeg-demuxer-dos(44210) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44210",Assigned (20080718),"None (candidate not yet 
proposed)","" CVE-2008-4866,Candidate,"Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.","BID:33308 | URL:http://www.securityfocus.com/bid/33308 | DEBIAN:DSA-1782 | URL:http://www.debian.org/security/2009/dsa-1782 | FULLDISC:20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities | URL:http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html | GENTOO:GLSA-200903-33 | URL:http://security.gentoo.org/glsa/glsa-200903-33.xml | MANDRIVA:MDVSA-2009:013 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:013 | MANDRIVA:MDVSA-2009:015 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:015 | MLIST:[ffmpeg-cvslog] 20080812 r14714 - trunk/libavformat/utils.c | URL:http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html | MLIST:[ffmpeg-cvslog] 20080812 r14715 - trunk/libavformat/avformat.h | URL:http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html | MLIST:[oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities | URL:http://www.openwall.com/lists/oss-security/2008/10/29/6 | SECUNIA:34296 | URL:http://secunia.com/advisories/34296 | SECUNIA:34385 | URL:http://secunia.com/advisories/34385 | SECUNIA:34845 | URL:http://secunia.com/advisories/34845 | UBUNTU:USN-734-1 | URL:http://www.ubuntu.com/usn/USN-734-1 | XF:ffmpeg-utils-multiple-bo(46322) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46322",Assigned (20081031),"None (candidate not yet proposed)","" CVE-2008-4867,Candidate,"Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.","BID:33308 | URL:http://www.securityfocus.com/bid/33308 | 
FULLDISC:20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities | URL:http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html | GENTOO:GLSA-200903-33 | URL:http://security.gentoo.org/glsa/glsa-200903-33.xml | MANDRIVA:MDVSA-2009:013 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:013 | MANDRIVA:MDVSA-2009:014 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:014 | MANDRIVA:MDVSA-2009:015 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:015 | MLIST:[ffmpeg-cvslog] 20080823 r14917 - trunk/libavcodec/dca.c | URL:http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html | MLIST:[oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities | URL:http://www.openwall.com/lists/oss-security/2008/10/29/6 | SECUNIA:34296 | URL:http://secunia.com/advisories/34296 | SECUNIA:34385 | URL:http://secunia.com/advisories/34385 | UBUNTU:USN-734-1 | URL:http://www.ubuntu.com/usn/USN-734-1 | XF:ffmpeg-dca-bo(46324) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46324",Assigned (20081031),"None (candidate not yet proposed)","" CVE-2008-4868,Candidate,"Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free ""on random pointers.""","FULLDISC:20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities | URL:http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html | GENTOO:GLSA-200903-33 | URL:http://security.gentoo.org/glsa/glsa-200903-33.xml | MLIST:[ffmpeg-cvslog] 20080816 r14787 - trunk/libavcodec/utils.c | URL:http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html | MLIST:[oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities | URL:http://www.openwall.com/lists/oss-security/2008/10/29/6 | SECUNIA:34385 | URL:http://secunia.com/advisories/34385 | 
XF:ffmpeg-avcodecclose-unspecified(46325) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46325",Assigned (20081031),"None (candidate not yet proposed)","" CVE-2008-4869,Candidate,"FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a ""Tcp/udp memory leak.""","FULLDISC:20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities | URL:http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html | GENTOO:GLSA-200903-33 | URL:http://security.gentoo.org/glsa/glsa-200903-33.xml | MANDRIVA:MDVSA-2009:297 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 | MLIST:[oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities | URL:http://www.openwall.com/lists/oss-security/2008/10/29/6 | SECUNIA:34385 | URL:http://secunia.com/advisories/34385 | XF:ffmpeg-tcpudp-dos(46326) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46326",Assigned (20081031),"None (candidate not yet proposed)","" CVE-2009-0385,Candidate,"Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.","BID:33502 | URL:http://www.securityfocus.com/bid/33502 | BUGTRAQ:20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability | URL:http://www.securityfocus.com/archive/1/500514/100/0/threaded | CONFIRM:http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 | CONFIRM:http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846 | CONFIRM:http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846 | DEBIAN:DSA-1781 | URL:http://www.debian.org/security/2009/dsa-1781 | DEBIAN:DSA-1782 | URL:http://www.debian.org/security/2009/dsa-1782 | FEDORA:FEDORA-2009-3428 | 
URL:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html | FEDORA:FEDORA-2009-3433 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html | GENTOO:GLSA-200903-33 | URL:http://security.gentoo.org/glsa/glsa-200903-33.xml | MANDRIVA:MDVSA-2009:297 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 | MISC:http://www.trapkit.de/advisories/TKADV2009-004.txt | OSVDB:51643 | URL:http://osvdb.org/51643 | SECUNIA:33711 | URL:http://secunia.com/advisories/33711 | SECUNIA:34296 | URL:http://secunia.com/advisories/34296 | SECUNIA:34385 | URL:http://secunia.com/advisories/34385 | SECUNIA:34712 | URL:http://secunia.com/advisories/34712 | SECUNIA:34845 | URL:http://secunia.com/advisories/34845 | SECUNIA:34905 | URL:http://secunia.com/advisories/34905 | UBUNTU:USN-734-1 | URL:http://www.ubuntu.com/usn/USN-734-1 | VUPEN:ADV-2009-0277 | URL:http://www.vupen.com/english/advisories/2009/0277 | XF:ffmpeg-fourxmreadheader-code-execution(48330) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/48330",Assigned (20090202),"None (candidate not yet proposed)","" CVE-2009-0698,Candidate,"Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.","BUGTRAQ:20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability | URL:http://www.securityfocus.com/archive/1/500514/100/0/threaded | CONFIRM:http://bugs.xine-project.org/show_bug.cgi?id=205 | CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=660071 | MANDRIVA:MDVSA-2009:298 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:298 | MANDRIVA:MDVSA-2009:299 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:299 | MISC:http://www.trapkit.de/advisories/TKADV2009-004.txt | SUSE:SUSE-SR:2009:009 | 
URL:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html | UBUNTU:USN-746-1 | URL:http://www.ubuntu.com/usn/USN-746-1 | XF:xinelib-4xmdemuxer-code-execution(48954) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/48954",Assigned (20090223),"None (candidate not yet proposed)","" CVE-2009-4631,Candidate,"Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.","BID:36465 | URL:http://www.securityfocus.com/bid/36465 | DEBIAN:DSA-2000 | URL:http://www.debian.org/security/2010/dsa-2000 | MISC:http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1483 | SECUNIA:36805 | URL:http://secunia.com/advisories/36805 | SECUNIA:38643 | URL:http://secunia.com/advisories/38643",Assigned (20100209),"None (candidate not yet proposed)","" CVE-2009-4632,Candidate,"oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read.","BID:36465 | URL:http://www.securityfocus.com/bid/36465 | DEBIAN:DSA-2000 | URL:http://www.debian.org/security/2010/dsa-2000 | MANDRIVA:MDVSA-2011:060 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:088 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 | MANDRIVA:MDVSA-2011:112 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 | MANDRIVA:MDVSA-2011:114 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 | 
MISC:http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | SECUNIA:36805 | URL:http://secunia.com/advisories/36805 | SECUNIA:38643 | URL:http://secunia.com/advisories/38643 | SECUNIA:39482 | URL:http://secunia.com/advisories/39482 | UBUNTU:USN-931-1 | URL:http://www.ubuntu.com/usn/USN-931-1 | VUPEN:ADV-2010-0935 | URL:http://www.vupen.com/english/advisories/2010/0935 | VUPEN:ADV-2011-1241 | URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20100209),"None (candidate not yet proposed)","" CVE-2009-4633,Candidate,"vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.","BID:36465 | URL:http://www.securityfocus.com/bid/36465 | DEBIAN:DSA-2000 | URL:http://www.debian.org/security/2010/dsa-2000 | MANDRIVA:MDVSA-2011:060 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:088 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 | MANDRIVA:MDVSA-2011:112 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 | MANDRIVA:MDVSA-2011:114 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 | MISC:http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | SECUNIA:36805 | URL:http://secunia.com/advisories/36805 | SECUNIA:38643 | URL:http://secunia.com/advisories/38643 | SECUNIA:39482 | URL:http://secunia.com/advisories/39482 | UBUNTU:USN-931-1 | URL:http://www.ubuntu.com/usn/USN-931-1 | VUPEN:ADV-2010-0935 | URL:http://www.vupen.com/english/advisories/2010/0935 | VUPEN:ADV-2011-1241 | 
URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20100209),"None (candidate not yet proposed)","" CVE-2009-4634,Candidate,"Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.","BID:36465 | URL:http://www.securityfocus.com/bid/36465 | DEBIAN:DSA-2000 | URL:http://www.debian.org/security/2010/dsa-2000 | MANDRIVA:MDVSA-2011:059 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:059 | MANDRIVA:MDVSA-2011:060 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:088 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 | MANDRIVA:MDVSA-2011:112 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 | MANDRIVA:MDVSA-2011:114 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 | MISC:http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | SECUNIA:36805 | URL:http://secunia.com/advisories/36805 | SECUNIA:38643 | URL:http://secunia.com/advisories/38643 | SECUNIA:39482 | URL:http://secunia.com/advisories/39482 | UBUNTU:USN-931-1 | URL:http://www.ubuntu.com/usn/USN-931-1 | VUPEN:ADV-2010-0935 | URL:http://www.vupen.com/english/advisories/2010/0935 | VUPEN:ADV-2011-1241 | URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20100209),"None (candidate not yet proposed)","" CVE-2009-4635,Candidate,"FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered 
tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.","BID:36465 | URL:http://www.securityfocus.com/bid/36465 | DEBIAN:DSA-2000 | URL:http://www.debian.org/security/2010/dsa-2000 | MANDRIVA:MDVSA-2011:059 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:059 | MANDRIVA:MDVSA-2011:060 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:088 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 | MANDRIVA:MDVSA-2011:112 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 | MANDRIVA:MDVSA-2011:114 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 | MISC:http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | SECUNIA:36805 | URL:http://secunia.com/advisories/36805 | SECUNIA:38643 | URL:http://secunia.com/advisories/38643 | SECUNIA:39482 | URL:http://secunia.com/advisories/39482 | UBUNTU:USN-931-1 | URL:http://www.ubuntu.com/usn/USN-931-1 | VUPEN:ADV-2010-0935 | URL:http://www.vupen.com/english/advisories/2010/0935 | VUPEN:ADV-2011-1241 | URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20100209),"None (candidate not yet proposed)","" CVE-2009-4636,Candidate,"FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.","BID:36465 | URL:http://www.securityfocus.com/bid/36465 | DEBIAN:DSA-2000 | URL:http://www.debian.org/security/2010/dsa-2000 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:062 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 | MANDRIVA:MDVSA-2011:088 | 
URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 | MANDRIVA:MDVSA-2011:089 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 | MANDRIVA:MDVSA-2011:112 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 | MANDRIVA:MDVSA-2011:114 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 | MISC:http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | SECUNIA:36805 | URL:http://secunia.com/advisories/36805 | SECUNIA:38643 | URL:http://secunia.com/advisories/38643 | VUPEN:ADV-2011-1241 | URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20100209),"None (candidate not yet proposed)","" CVE-2009-4637,Candidate,"FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.","BID:36465 | URL:http://www.securityfocus.com/bid/36465 | DEBIAN:DSA-2000 | URL:http://www.debian.org/security/2010/dsa-2000 | MISC:http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | SECUNIA:36805 | URL:http://secunia.com/advisories/36805 | SECUNIA:38643 | URL:http://secunia.com/advisories/38643 | SECUNIA:39482 | URL:http://secunia.com/advisories/39482 | UBUNTU:USN-931-1 | URL:http://www.ubuntu.com/usn/USN-931-1 | VUPEN:ADV-2010-0935 | URL:http://www.vupen.com/english/advisories/2010/0935",Assigned (20100209),"None (candidate not yet proposed)","" CVE-2009-4638,Candidate,"Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.","BID:36465 | URL:http://www.securityfocus.com/bid/36465 | DEBIAN:DSA-2000 | URL:http://www.debian.org/security/2010/dsa-2000 | MISC:http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | 
MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | SECUNIA:36805 | URL:http://secunia.com/advisories/36805 | SECUNIA:38643 | URL:http://secunia.com/advisories/38643",Assigned (20100209),"None (candidate not yet proposed)","" CVE-2009-4639,Candidate,"The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error.","BID:36465 | URL:http://www.securityfocus.com/bid/36465 | CONFIRM:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245 | MANDRIVA:MDVSA-2011:059 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:059 | MANDRIVA:MDVSA-2011:060 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:088 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 | MANDRIVA:MDVSA-2011:112 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 | MISC:http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | SECUNIA:36805 | URL:http://secunia.com/advisories/36805 | SECUNIA:39482 | URL:http://secunia.com/advisories/39482 | UBUNTU:USN-931-1 | URL:http://www.ubuntu.com/usn/USN-931-1 | VUPEN:ADV-2010-0935 | URL:http://www.vupen.com/english/advisories/2010/0935 | VUPEN:ADV-2011-1241 | URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20100209),"None (candidate not yet proposed)","" CVE-2009-4640,Candidate,"Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.","BID:36465 | URL:http://www.securityfocus.com/bid/36465 | DEBIAN:DSA-2000 | URL:http://www.debian.org/security/2010/dsa-2000 | MANDRIVA:MDVSA-2011:060 | 
URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:088 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 | MANDRIVA:MDVSA-2011:112 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 | MANDRIVA:MDVSA-2011:114 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 | MISC:http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | MISC:https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | SECUNIA:36805 | URL:http://secunia.com/advisories/36805 | SECUNIA:38643 | URL:http://secunia.com/advisories/38643 | SECUNIA:39482 | URL:http://secunia.com/advisories/39482 | UBUNTU:USN-931-1 | URL:http://www.ubuntu.com/usn/USN-931-1 | VUPEN:ADV-2010-0935 | URL:http://www.vupen.com/english/advisories/2010/0935 | VUPEN:ADV-2011-1241 | URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20100209),"None (candidate not yet proposed)","" CVE-2010-3429,Candidate,"flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an ""arbitrary offset dereference vulnerability.""","BUGTRAQ:20100928 [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference | URL:http://www.securityfocus.com/archive/1/514009/100/0/threaded | CONFIRM:http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=16c592155f117ccd7b86006c45aacc692a81c23b | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=635775 | DEBIAN:DSA-2165 | URL:http://www.debian.org/security/2011/dsa-2165 | MANDRIVA:MDVSA-2011:060 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:062 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 | MANDRIVA:MDVSA-2011:088 | 
URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 | MANDRIVA:MDVSA-2011:089 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 | MANDRIVA:MDVSA-2011:112 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 | MANDRIVA:MDVSA-2011:114 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 | MISC:http://www.ocert.org/advisories/ocert-2010-004.html | MLIST:[oss-security] 20100928 [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference | URL:http://www.openwall.com/lists/oss-security/2010/09/28/4 | SECUNIA:41626 | URL:http://secunia.com/advisories/41626 | SECUNIA:43323 | URL:http://secunia.com/advisories/43323 | UBUNTU:USN-1104-1 | URL:http://www.ubuntu.com/usn/usn-1104-1/ | VUPEN:ADV-2010-2517 | URL:http://www.vupen.com/english/advisories/2010/2517 | VUPEN:ADV-2010-2518 | URL:http://www.vupen.com/english/advisories/2010/2518 | VUPEN:ADV-2011-1241 | URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20100917),"None (candidate not yet proposed)","" CVE-2010-3908,Candidate,"FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.","CONFIRM:http://ffmpeg.mplayerhq.hu/ | DEBIAN:DSA-2306 | URL:http://www.debian.org/security/2011/dsa-2306 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | UBUNTU:USN-1104-1 | URL:http://www.ubuntu.com/usn/usn-1104-1/",Assigned (20101012),"None (candidate not yet proposed)","" CVE-2010-4704,Candidate,"libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. 
NOTE: this might overlap CVE-2011-0480.","BID:46294 | URL:http://www.securityfocus.com/bid/46294 | CONFIRM:http://ffmpeg.mplayerhq.hu/ | CONFIRM:http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078 | CONFIRM:https://roundup.ffmpeg.org/issue2322 | DEBIAN:DSA-2165 | URL:http://www.debian.org/security/2011/dsa-2165 | DEBIAN:DSA-2306 | URL:http://www.debian.org/security/2011/dsa-2306 | MANDRIVA:MDVSA-2011:060 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:062 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 | MANDRIVA:MDVSA-2011:088 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 | MANDRIVA:MDVSA-2011:089 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 | MANDRIVA:MDVSA-2011:112 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 | MANDRIVA:MDVSA-2011:114 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 | SECUNIA:43323 | URL:http://secunia.com/advisories/43323 | UBUNTU:USN-1104-1 | URL:http://www.ubuntu.com/usn/usn-1104-1/ | VUPEN:ADV-2011-1241 | URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20110122),"None (candidate not yet proposed)","" CVE-2010-4705,Candidate,"Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. 
NOTE: this might overlap CVE-2011-0480.","BID:46294 | URL:http://www.securityfocus.com/bid/46294 | CONFIRM:http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=366d919016a679d3955f6fe5278fa7ce4f47b81e | DEBIAN:DSA-2165 | URL:http://www.debian.org/security/2011/dsa-2165 | SECUNIA:43323 | URL:http://secunia.com/advisories/43323",Assigned (20110122),"None (candidate not yet proposed)","" CVE-2011-0480,Candidate,"Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.","BID:45788 | URL:http://www.securityfocus.com/bid/45788 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550 | CONFIRM:http://code.google.com/p/chromium/issues/detail?id=68115 | CONFIRM:http://codereview.chromium.org/5964011 | CONFIRM:http://codereview.chromium.org/6069005 | CONFIRM:http://ffmpeg.mplayerhq.hu/ | CONFIRM:http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3 | CONFIRM:http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html | CONFIRM:http://roundup.ffmpeg.org/issue2548 | CONFIRM:http://roundup.ffmpeg.org/issue2550 | CONFIRM:http://src.chromium.org/viewvc/chrome?view=rev&revision=70200 | CONFIRM:http://www.srware.net/forum/viewtopic.php?f=18&t=2054 | DEBIAN:DSA-2306 | URL:http://www.debian.org/security/2011/dsa-2306 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MLIST:[ffmpeg-devel] 20101229 [PATCH] Fix a couple of errors with bad Vorbis headers | URL:http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703 | OSVDB:70463 | URL:http://osvdb.org/70463 | OVAL:oval:org.mitre.oval:def:14380 | 
URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380 | SECUNIA:42951 | URL:http://secunia.com/advisories/42951 | UBUNTU:USN-1104-1 | URL:http://www.ubuntu.com/usn/usn-1104-1/ | XF:chrome-vorbis-bo(64671) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64671",Assigned (20110114),"None (candidate not yet proposed)","" CVE-2011-0722,Candidate,"FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.","BID:47149 | URL:http://www.securityfocus.com/bid/47149 | CONFIRM:http://ffmpeg.mplayerhq.hu/ | DEBIAN:DSA-2306 | URL:http://www.debian.org/security/2011/dsa-2306 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:062 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 | MANDRIVA:MDVSA-2011:089 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 | MANDRIVA:MDVSA-2011:114 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 | UBUNTU:USN-1104-1 | URL:http://www.ubuntu.com/usn/usn-1104-1/ | VUPEN:ADV-2011-1241 | URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20110201),"None (candidate not yet proposed)","" CVE-2011-0723,Candidate,"FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.","BID:47151 | URL:http://www.securityfocus.com/bid/47151 | DEBIAN:DSA-2306 | URL:http://www.debian.org/security/2011/dsa-2306 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:062 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 | MANDRIVA:MDVSA-2011:089 | 
URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 | MANDRIVA:MDVSA-2011:112 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 | MANDRIVA:MDVSA-2011:114 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 | MISC:http://ffmpeg.mplayerhq.hu/ | UBUNTU:USN-1104-1 | URL:http://www.ubuntu.com/usn/usn-1104-1/ | VUPEN:ADV-2011-1241 | URL:http://www.vupen.com/english/advisories/2011/1241",Assigned (20110201),"None (candidate not yet proposed)","" CVE-2011-1931,Candidate,"sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.","BID:47602 | URL:http://www.securityfocus.com/bid/47602 | BUGTRAQ:20110427 NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write | URL:http://www.securityfocus.com/archive/1/517706 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32 | SREASON:8299 | URL:http://securityreason.com/securityalert/8299",Assigned (20110509),"None (candidate not yet proposed)","" CVE-2011-1933,Candidate,"SQL injection vulnerability in Jifty::DBI before 0.68.","CONFIRM:https://metacpan.org/changes/distribution/Jifty-DBI | MISC:https://access.redhat.com/security/cve/cve-2011-1933 | MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622919 | MISC:https://security-tracker.debian.org/tracker/CVE-2011-1933 | MLIST:[jifty-devel] 20110415 Security weaknesses in Jifty::DBI | URL:http://lists.jifty.org/pipermail/jifty-devel/2011-April/002426.html | MLIST:[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap | 
URL:https://seclists.org/oss-sec/2011/q2/464",Assigned (20110509),"None (candidate not yet proposed)","" CVE-2011-1934,Candidate,"lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.","CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103 | MISC:https://access.redhat.com/security/cve/cve-2011-1934 | MISC:https://security-tracker.debian.org/tracker/CVE-2011-1934 | MLIST:[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap | URL:https://seclists.org/oss-sec/2011/q2/464",Assigned (20110509),"None (candidate not yet proposed)","" CVE-2011-1935,Candidate,"pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.","CONFIRM:http://thread.gmane.org/gmane.network.tcpdump.devel/5018 | MISC:http://article.gmane.org/gmane.network.tcpdump.devel/4968 | MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=623868;filename=0001-Fix-the-calculation-of-the-frame-size-in-memory-mapp.patch;msg=10 | MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623868 | MISC:https://security-tracker.debian.org/tracker/CVE-2011-1935/ | MLIST:[oss-security] 20140208 Fwd: Old CVE ids, public, but still | URL:http://www.openwall.com/lists/oss-security/2014/02/08/5 | MLIST:[oss-security] 20171019 CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap | URL:http://www.openwall.com/lists/oss-security/2011/05/19/11",Assigned (20110509),"None (candidate not yet proposed)","" CVE-2011-2160,Candidate,"The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.","BID:47956 | URL:http://www.securityfocus.com/bid/47956 | CONFIRM:http://ffmpeg.mplayerhq.hu/",Assigned (20110520),"None 
(candidate not yet proposed)","" CVE-2011-2161,Candidate,"The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.","CONFIRM:http://ffmpeg.mplayerhq.hu/ | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/8312e3fc9041027a33c8bc667bb99740fdf41dd5 | MISC:http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt",Assigned (20110520),"None (candidate not yet proposed)","" CVE-2011-2162,Candidate,"Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues ""originally discovered by Google Chrome developers.""","MANDRIVA:MDVSA-2011:059 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:059 | MANDRIVA:MDVSA-2011:060 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 | MANDRIVA:MDVSA-2011:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 | MANDRIVA:MDVSA-2011:062 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 | MANDRIVA:MDVSA-2011:088 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 | MANDRIVA:MDVSA-2011:089 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:089",Assigned (20110520),"None (candidate not yet proposed)","" CVE-2011-3362,Candidate,"Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) 
file.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=91d5da9321c52e8197fb14046ebb335f3e6ff4a0 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c5cbda50793e311aa73489d12184ffd6761c9fbf | CONFIRM:http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog | CONFIRM:http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog | MISC:http://www.ocert.org/advisories/ocert-2011-002.html | MLIST:[oss-security] 20110913 CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding | URL:http://www.openwall.com/lists/oss-security/2011/09/13/4 | MLIST:[oss-security] 20110914 Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding | URL:http://www.openwall.com/lists/oss-security/2011/09/14/8 | SECUNIA:45532 | URL:http://secunia.com/advisories/45532",Assigned (20110830),"None (candidate not yet proposed)","" CVE-2011-3504,Candidate,"The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.","MANDRIVA:MDVSA-2012:074 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 | MANDRIVA:MDVSA-2012:075 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 | MANDRIVA:MDVSA-2012:076 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 | MISC:http://technet.microsoft.com/en-us/security/msvr/msvr11-011 | MISC:http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog | MISC:http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog | OSVDB:75621 | URL:http://www.osvdb.org/75621 | SECUNIA:45532 | URL:http://secunia.com/advisories/45532 | UBUNTU:USN-1320-1 | URL:http://ubuntu.com/usn/usn-1320-1 | UBUNTU:USN-1333-1 | URL:http://ubuntu.com/usn/usn-1333-1",Assigned (20110916),"None (candidate not yet proposed)","" CVE-2011-3929,Candidate,"The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 
0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.","CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b | CONFIRM:http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04 | CONFIRM:http://libav.org/ | DEBIAN:DSA-2471 | URL:http://www.debian.org/security/2012/dsa-2471 | SECUNIA:49089 | URL:http://secunia.com/advisories/49089 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3934,Candidate,"Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=247d30a7dba6684ccce4508424f35fd58465e535 | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3935,Candidate,"The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=668494acd8b20f974c7722895d4a6a14c1005f1e | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3936,Candidate,"The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.","CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b | 
CONFIRM:http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366 | CONFIRM:http://libav.org/ | DEBIAN:DSA-2471 | URL:http://www.debian.org/security/2012/dsa-2471 | SECUNIA:49089 | URL:http://secunia.com/advisories/49089 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3937,Candidate,"The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to ""width/height changing with frame threads.""","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba | CONFIRM:http://libav.org/news.html | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3940,Candidate,"nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers ""use of uninitialized streams.""","CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c898431ca5ef2a997fe9388b650f658fb60783e5 | CONFIRM:http://libav.org/ | DEBIAN:DSA-2471 | URL:http://www.debian.org/security/2012/dsa-2471 | SECUNIA:49089 | 
URL:http://secunia.com/advisories/49089 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3941,Candidate,"The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c77be3a35a0160d6af88056b0899f120f2eef38e | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3944,Candidate,"The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1285baaab550e3e761590ef6dfb1d9bd9d1332e4 | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2855 | URL:http://www.debian.org/security/2014/dsa-2855",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3945,Candidate,"The decode_frame function in the KGV1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.","CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=807a045ab7f51993a2c1b3116016cbbd4f3d20d6 | CONFIRM:http://libav.org/ | MANDRIVA:MDVSA-2012:076 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:076",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3946,Candidate,"The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to 
have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3947,Candidate,"Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.","CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5 | CONFIRM:http://libav.org/ | DEBIAN:DSA-2471 | URL:http://www.debian.org/security/2012/dsa-2471 | SECUNIA:49089 | URL:http://secunia.com/advisories/49089 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3949,Candidate,"The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e2291ea1534d17306f685b8c8abc8585bbed87bf | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3950,Candidate,"The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813 | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20111001),"None (candidate not yet 
proposed)","" CVE-2011-3951,Candidate,"The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.","CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=ce7aee9b733134649a6ce2fa743e51733f33e67e | CONFIRM:http://libav.org/ | DEBIAN:DSA-2494 | URL:http://www.debian.org/security/2012/dsa-2494 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3952,Candidate,"The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.","CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=386741f887714d3e46c9e8fe577e326a7964037b | CONFIRM:http://libav.org/ | DEBIAN:DSA-2494 | URL:http://www.debian.org/security/2012/dsa-2494 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1",Assigned (20111001),"None (candidate not yet proposed)","" CVE-2011-3973,Candidate,"cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bd968d260aef322fb32e254a3de0d2036c57bd56 | CONFIRM:http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog | 
CONFIRM:http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog | MANDRIVA:MDVSA-2012:074 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 | MANDRIVA:MDVSA-2012:075 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 | MANDRIVA:MDVSA-2012:076 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:076",Assigned (20111002),"None (candidate not yet proposed)","" CVE-2011-3974,Candidate,"Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bd968d260aef322fb32e254a3de0d2036c57bd56 | CONFIRM:http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog | CONFIRM:http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog | MANDRIVA:MDVSA-2012:074 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 | MANDRIVA:MDVSA-2012:075 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 | MANDRIVA:MDVSA-2012:076 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:076",Assigned (20111002),"None (candidate not yet proposed)","" CVE-2011-4031,Candidate,"Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c2a2ad133eb9d42361804a568dee336992349a5e | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n0.8.3 | MISC:http://technet.microsoft.com/en-us/security/msvr/msvr11-012",Assigned (20111011),"None (candidate not yet proposed)","" CVE-2011-4351,Candidate,"Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows 
remote attackers to execute arbitrary code via unspecified vectors.","BUGTRAQ:20111123 NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution | URL:http://seclists.org/bugtraq/2011/Nov/145 | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20111104),"None (candidate not yet proposed)","" CVE-2011-4352,Candidate,"Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow.","BUGTRAQ:20111123 NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution | URL:http://www.securityfocus.com/archive/1/520622 | CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=8b94df0f2047e9728cb872adc9e64557b7a5152f | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5 | CONFIRM:http://libav.org/ | CONFIRM:http://libav.org/releases/libav-0.5.6.changelog | CONFIRM:http://libav.org/releases/libav-0.6.4.changelog | CONFIRM:http://libav.org/releases/libav-0.7.3.changelog | MANDRIVA:MDVSA-2012:074 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 | MANDRIVA:MDVSA-2012:075 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 | MANDRIVA:MDVSA-2012:076 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 | UBUNTU:USN-1320-1 | URL:http://ubuntu.com/usn/usn-1320-1 | UBUNTU:USN-1333-1 | URL:http://ubuntu.com/usn/usn-1333-1",Assigned (20111104),"None (candidate not yet proposed)","" CVE-2011-4353,Candidate,"The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, 
and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream.","CONFIRM:http://ffmpeg.org/ | CONFIRM:http://libav.org/ | CONFIRM:http://libav.org/releases/libav-0.5.6.changelog | CONFIRM:http://libav.org/releases/libav-0.6.4.changelog | CONFIRM:http://libav.org/releases/libav-0.7.3.changelog | MANDRIVA:MDVSA-2012:074 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 | MANDRIVA:MDVSA-2012:075 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 | MANDRIVA:MDVSA-2012:076 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 | UBUNTU:USN-1320-1 | URL:http://ubuntu.com/usn/usn-1320-1 | UBUNTU:USN-1333-1 | URL:http://ubuntu.com/usn/usn-1333-1",Assigned (20111104),"None (candidate not yet proposed)","" CVE-2011-4364,Candidate,"Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.","CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86 | CONFIRM:http://libav.org/ | CONFIRM:http://libav.org/releases/libav-0.5.6.changelog | CONFIRM:http://libav.org/releases/libav-0.6.4.changelog | CONFIRM:http://libav.org/releases/libav-0.7.3.changelog | MANDRIVA:MDVSA-2012:074 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 | MANDRIVA:MDVSA-2012:075 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 | MANDRIVA:MDVSA-2012:076 | 
URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 | UBUNTU:USN-1320-1 | URL:http://ubuntu.com/usn/usn-1320-1 | UBUNTU:USN-1333-1 | URL:http://ubuntu.com/usn/usn-1333-1",Assigned (20111104),"None (candidate not yet proposed)","" CVE-2011-4579,Candidate,"The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to ""dimensions changed.""","BUGTRAQ:20111123 NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution | URL:http://www.securityfocus.com/archive/1/520620 | CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=6e24b9488e67849a28e64a8056e05f83cf439229 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e24b9488e67849a28e64a8056e05f83cf439229 | CONFIRM:http://libav.org/ | MANDRIVA:MDVSA-2012:074 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 | MANDRIVA:MDVSA-2012:075 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 | MANDRIVA:MDVSA-2012:076 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 | UBUNTU:USN-1320-1 | URL:http://ubuntu.com/usn/usn-1320-1 | UBUNTU:USN-1333-1 | URL:http://ubuntu.com/usn/usn-1333-1",Assigned (20111129),"None (candidate not yet proposed)","" CVE-2012-0847,Candidate,"Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ae21776207e8a2bbe268e7c9e203f7599dd87ddb | MLIST:[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 | 
URL:http://www.openwall.com/lists/oss-security/2012/02/01/11 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0848,Candidate,"Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka ""wrong samples count.""","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5257743aee0c3982f0079e6553aabc6aa39401d2 | MLIST:[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/01/11 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | XF:ffmpeg-wssnddecodeframe-bo(78936) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78936",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0849,Candidate,"Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1f99939a6361e2e6d6788494dd7c682b051c6c34 | CONFIRM:http://www.ffmpeg.org/trac/ffmpeg/ticket/776 | MLIST:[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/01/11 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | XF:ffmpeg-ffj2kdwtinit-dos(78935) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78935",Assigned (20120119),"None (candidate 
not yet proposed)","" CVE-2012-0850,Candidate,"The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=944f5b2779e4aa63f7624df6cd4de832a53db81b | MLIST:[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/01/11 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | XF:ffmpeg-sbrqmfsynthesis-dos(78934) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78934",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0851,Candidate,"The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://ffmpeg.org/trac/ffmpeg/ticket/758 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fff64e00d886fde11d61958888c82b461cf99b9 | CONFIRM:http://libav.org/ | DEBIAN:DSA-2494 | URL:http://www.debian.org/security/2012/dsa-2494 | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1 | XF:ffmpeg-ffh264decode-code-exec(78933) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78933",Assigned (20120119),"None (candidate not yet 
proposed)","" CVE-2012-0852,Candidate,"The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897 | CONFIRM:http://libav.org/ | CONFIRM:https://ffmpeg.org/trac/ffmpeg/ticket/794 | DEBIAN:DSA-2494 | URL:http://www.debian.org/security/2012/dsa-2494 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1 | XF:ffmpeg-adpcmdecodeframe-code-exec(78932) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78932",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0853,Candidate,"The decodeTonalComponents function in the Atrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.","CONFIRM:http://ffmpeg.org/trac/ffmpeg/ticket/780 | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=c509f4f74713b035a06f79cb4d00e708f5226bc5 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c509f4f74713b035a06f79cb4d00e708f5226bc5 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | SECUNIA:49089 | 
URL:http://secunia.com/advisories/49089 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0854,Candidate,"The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6d8e6fe9dbc365f50521cf0c4a5ffee97c970cb5 | MLIST:[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/01/11 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0855,Candidate,"Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3eedf9f716733b3b4c5205726d2c1ca52b3d3d78 | MLIST:[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/01/11 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | XF:ffmpeg-getsot-bo(78929) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78929",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0856,Candidate,"Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) 
via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://ffmpeg.org/trac/ffmpeg/ticket/757 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=21270cffaeab2f67a613907516b2b0cd6c9eacf4 | MLIST:[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/01/11 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | XF:ffmpeg-mpvframestart-bo(78928) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78928",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0857,Candidate,"Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcodec in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors.","CONFIRM:http://ffmpeg.org/security.html | MLIST:[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/01/11 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | XF:ffmpeg-getqcx-bo(78927) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78927",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0858,Candidate,"The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an ""invalid free"".","CONFIRM:http://ffmpeg.org/ | CONFIRM:http://git.libav.org/?p=libav.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98 | 
CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98 | CONFIRM:http://libav.org/ | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0859,Candidate,"The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2 | MLIST:[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 | URL:http://www.openwall.com/lists/oss-security/2012/02/14/4 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1 | XF:ffmpeg-renderline-code-exec(78925) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78925",Assigned (20120119),"None (candidate not yet proposed)","" CVE-2012-0947,Candidate,"Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.","BID:53389 | URL:http://www.securityfocus.com/bid/53389 | CONFIRM:http://git.libav.org/?p=libav.git;a=commit;h=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3 | CONFIRM:http://libav.org/ | DEBIAN:DSA-2471 | URL:http://www.debian.org/security/2012/dsa-2471 | MISC:https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963 | MLIST:[oss-security] 
20120503 Security issue in libav/ffmpeg | URL:http://www.openwall.com/lists/oss-security/2012/05/03/4 | SECUNIA:49089 | URL:http://secunia.com/advisories/49089 | UBUNTU:USN-1479-1 | URL:http://www.ubuntu.com/usn/USN-1479-1",Assigned (20120201),"None (candidate not yet proposed)","" CVE-2012-1785,Candidate,"kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors.","BID:52180 | URL:http://www.securityfocus.com/bid/52180 | CONFIRM:http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924 | CONFIRM:http://wordpress.org/extend/plugins/video-embed-thumbnail-generator/changelog/ | SECUNIA:48087 | URL:http://secunia.com/advisories/48087 | XF:videoembed-kgcallffmpeg-code-execution(73508) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/73508",Assigned (20120319),"None (candidate not yet proposed)","" CVE-2012-2771,Candidate,"Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.","CONFIRM:https://www.ffmpeg.org/security.html",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2772,Candidate,"Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to ""width/height changing with frame threading.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cb7190cd2c691fd93e4d3664f3fce6c19ee001dd | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | 
URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2773,Candidate,"Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.","BID:100274 | URL:http://www.securityfocus.com/bid/100274 | CONFIRM:https://www.ffmpeg.org/security.html",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2774,Candidate,"The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting ""a frame outside SETUP state.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2775,Candidate,"Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an ""out of array write in quant_cof.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9d3032b960ae03066c008d6e6774f68b17a1d69d | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2776,Candidate,"Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an ""out of picture write.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ba775a54bc2136ec5da85385a923b05ee6fab159 | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2777,Candidate,"Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to ""width/height changing in CAVS,"" a different vulnerability than CVE-2012-2784.","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45 | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2778,Candidate,"Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.","BID:100273 | URL:http://www.securityfocus.com/bid/100273 | CONFIRM:https://www.ffmpeg.org/security.html",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2779,Candidate,"Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid ""gop header"" and decoding in a ""half initialized context.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=229e4c133287955d5f3f837520a3602709b21950 | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2780,Candidate,"Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.","BID:100272 | URL:http://www.securityfocus.com/bid/100272 | CONFIRM:https://www.ffmpeg.org/security.html",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2781,Candidate,"Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.","BID:100250 | URL:http://www.securityfocus.com/bid/100250 | CONFIRM:https://www.ffmpeg.org/security.html",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2782,Candidate,"Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a ""rejected resolution change.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9a57a37b7041581c10629c8241260a5d7bfbc1e7 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2783,Candidate,"Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to ""freeing the returned frame.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d85b3c4fff4c4b255232fcc01edbd57f19d60998 | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.5.changelog | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | UBUNTU:USN-1705-1 | URL:http://www.ubuntu.com/usn/USN-1705-1 | UBUNTU:USN-1706-1 | URL:http://www.ubuntu.com/usn/USN-1706-1",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2784,Candidate,"Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to ""width/height changing in CAVS,"" a different vulnerability than CVE-2012-2777.","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45 | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | 
MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2785,Candidate,"Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) ""some subframes only encode some channels"" or (2) a large order value.","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=326f7a68bbd429c63fd2f19f4050658982b5b081 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d462949974668ffb013467d12dc4934b9106fe19 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2786,Candidate,"Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an ""out of array write.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d1c95d2ce39560e251fdb14f4af91b04fd7b845c | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2787,Candidate,"Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the ""setup width/height.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920 | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2788,Candidate,"Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an ""out of array read"" when a ""packet is shrunk.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c41ac870470c614185e1752c11f892809022248a | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2789,Candidate,"Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=97a5addfcf0029d0f5538ed70cb38cae4108a618 | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2790,Candidate,"Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the ""number of decoded samples in first sub-block in BGMC mode.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2837d8dc276760db1821b81df3f794a90bfa56e6 | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2791,Candidate,"Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the ""transform size.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0846719dd11ab3f7a7caee13e7af71f71d913389 | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.5.changelog | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | UBUNTU:USN-1705-1 | URL:http://www.ubuntu.com/usn/USN-1705-1",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2792,Candidate,"Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d442c4462a2692e27a24e1a9d0eb6f18725c7bd8 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2793,Candidate,"Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to ""too many zeros.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=83c7803f55b3231faeb93c1a634399a70fae9480 | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2794,Candidate,"Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the ""allocated tile size ... 
mismatches parameters.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5ad7335ebac2b38bb2a1c8df51a500b78461c05a | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2795,Candidate,"Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of ""mclms arrays,"" (2) ""a get_bits(0) in decode_ac_filter,"" and (3) ""too many bits in decode_channel_residues().""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2a7063de547b1d8fb1cef523469390fb59fb2c50 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0abefb0af64a311b15141062c77dd577ba590a3 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b3a43515827f3d22a881c33b87384f01c86786fd | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2796,Candidate,"Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in ""coded slice positions and interlacing"" that trigger ""out of array writes.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5e59a77cec804a9b44c60ea22c17beba6453ef23 | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2797,Candidate,"Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being ""large enough.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cca9528524c7a4b91451f4322bd50849af5d057e | CONFIRM:http://libav.org/releases/libav-0.8.5.changelog | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | UBUNTU:USN-1705-1 | URL:http://www.ubuntu.com/usn/USN-1705-1",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2798,Candidate,"Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an ""out of array write.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=72b9537d8886f679494651df517dfed9b420cf1f | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | CONFIRM:http://libav.org/releases/libav-0.8.5.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257 | UBUNTU:USN-1705-1 | URL:http://www.ubuntu.com/usn/USN-1705-1",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2799,Candidate,"Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the ""put bit buffer when num_saved_bits is reset.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=64bd7f8e4db1742e86c5ed02bd530688b74063e3 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2800,Candidate,"Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the ""tile size ... mismatches parameters"" and triggers ""writing into a too small array.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7 | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2801,Candidate,"Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and ""out of array writes.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1df49142bab1b7bccd11392aa9e819e297d21a6e | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | CONFIRM:http://libav.org/releases/libav-0.8.5.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257 | UBUNTU:USN-1705-1 | URL:http://www.ubuntu.com/usn/USN-1705-1",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2802,Candidate,"Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the ""number of output channels"" and ""out of array writes.""","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c22701c371c2f3dea21fcdbb97c981939fb77af | CONFIRM:http://libav.org/releases/libav-0.8.4.changelog | CONFIRM:http://libav.org/releases/libav-0.8.5.changelog | MANDRIVA:MDVSA-2013:079 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | SECUNIA:51257 | URL:http://secunia.com/advisories/51257 | UBUNTU:USN-1705-1 | URL:http://www.ubuntu.com/usn/USN-1705-1",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2803,Candidate,"Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=951cbea56fdc03ef96d07fbd7e5bed755d42ac8a | CONFIRM:http://libav.org/releases/libav-0.7.7.changelog | CONFIRM:http://libav.org/releases/libav-0.8.5.changelog | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | UBUNTU:USN-1705-1 | URL:http://www.ubuntu.com/usn/USN-1705-1 | UBUNTU:USN-1706-1 | URL:http://www.ubuntu.com/usn/USN-1706-1",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2804,Candidate,"Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to ""reallocation code"" and the luma height and width.","BID:55355 | URL:http://www.securityfocus.com/bid/55355 | CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a80ebe491609e04110a1dd540a0ca79d3be3d04 | CONFIRM:http://libav.org/releases/libav-0.8.5.changelog | MLIST:[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? | URL:http://www.openwall.com/lists/oss-security/2012/08/31/3 | MLIST:[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
| URL:http://www.openwall.com/lists/oss-security/2012/09/02/4 | SECUNIA:50468 | URL:http://secunia.com/advisories/50468 | UBUNTU:USN-1705-1 | URL:http://www.ubuntu.com/usn/USN-1705-1",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2805,Candidate,"Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.","CONFIRM:https://www.ffmpeg.org/security.html | MISC:https://vuldb.com/?id.9269",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-2882,Candidate,"FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a ""wild pointer"" issue.","CONFIRM:http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html | CONFIRM:https://chromiumcodereview.appspot.com/10829204 | CONFIRM:https://code.google.com/p/chromium/issues/detail?id=140647 | CONFIRM:https://src.chromium.org/viewvc/chrome?view=rev&revision=150239 | OVAL:oval:org.mitre.oval:def:15688 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15688 | SUSE:openSUSE-SU-2012:1376 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html | XF:google-chrome-cve20122882(78839) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78839",Assigned (20120519),"None (candidate not yet proposed)","" CVE-2012-5359,Candidate,"Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.","CONFIRM:https://www.ffmpeg.org/security.html | MISC:https://docs.microsoft.com/en-us/security-updates/VulnerabilityResearchAdvisories/2012/msvr12-017",Assigned (20121010),"None (candidate not yet proposed)","" CVE-2012-5360,Candidate,"Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT 
file.","CONFIRM:https://www.ffmpeg.org/security.html | MISC:https://docs.microsoft.com/en-us/security-updates/VulnerabilityResearchAdvisories/2012/msvr12-017",Assigned (20121010),"None (candidate not yet proposed)","" CVE-2012-5361,Candidate,"Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.","BID:56112 | URL:http://www.securityfocus.com/bid/56112 | CONFIRM:https://www.ffmpeg.org/security.html | MISC:https://docs.microsoft.com/en-us/security-updates/VulnerabilityResearchAdvisories/2012/msvr12-017 | MISC:https://technet.microsoft.com/library/security/msvr12-017 | XF:ffmpeg-wmv-code-exec(79405) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79405",Assigned (20121010),"None (candidate not yet proposed)","" CVE-2012-6615,Candidate,"The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=20c121c00747d6c3b0b0f98deeff021171b2ed74 | CONFIRM:http://www.ffmpeg.org/security.html | CONFIRM:https://trac.ffmpeg.org/ticket/2048 | OSVDB:89592 | URL:http://www.osvdb.org/89592 | SECUNIA:51964 | URL:http://secunia.com/advisories/51964",Assigned (20131224),"None (candidate not yet proposed)","" CVE-2012-6616,Candidate,"The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=68e48ed72e0597ae61bc3e9e6e6d9edcb1a00073 | CONFIRM:http://www.ffmpeg.org/security.html | CONFIRM:https://trac.ffmpeg.org/ticket/2087 | OSVDB:93242 | URL:http://www.osvdb.org/93242 | SECUNIA:51964 | URL:http://secunia.com/advisories/51964",Assigned (20131224),"None (candidate not yet proposed)","" 
CVE-2012-6617,Candidate,"The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d | CONFIRM:http://www.ffmpeg.org/security.html | CONFIRM:https://trac.ffmpeg.org/ticket/1986 | OSVDB:93232 | URL:http://www.osvdb.org/93232 | SECUNIA:51964 | URL:http://secunia.com/advisories/51964",Assigned (20131224),"None (candidate not yet proposed)","" CVE-2012-6618,Candidate,"The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient ""frames to estimate rate.""","CONFIRM:http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb | CONFIRM:http://www.ffmpeg.org/security.html | CONFIRM:https://trac.ffmpeg.org/ticket/1991 | MLIST:[ffmpeg-user] 20121204 Re: Unable to analyze/transcode mp3 | URL:http://article.gmane.org/gmane.comp.video.ffmpeg.user/42233 | SECUNIA:51964 | URL:http://secunia.com/advisories/51964",Assigned (20131224),"None (candidate not yet proposed)","" CVE-2013-0224,Candidate,"The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.","CONFIRM:https://drupal.org/node/1895234 | MISC:https://drupal.org/node/1896714 | MLIST:[oss-security] 20130124 Re: CVE request for Drupal contributed modules | URL:http://www.openwall.com/lists/oss-security/2013/01/25/4",Assigned (20121206),"None (candidate not yet proposed)","" CVE-2013-0844,Candidate,"Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 
1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=85a14dbd5dca34320f58b1ba11dd6dd0df4fb3be | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4 | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2793 | URL:http://www.debian.org/security/2013/dsa-2793",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0845,Candidate,"libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6df0d3e2916c223dbe4262bf1b876dff1cb3f980 | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2855 | URL:http://www.debian.org/security/2014/dsa-2855",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0846,Candidate,"Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2855 | URL:http://www.debian.org/security/2014/dsa-2855",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0847,Candidate,"The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952 | CONFIRM:http://www.ffmpeg.org/security.html",Assigned 
(20130107),"None (candidate not yet proposed)","" CVE-2013-0848,Candidate,"The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba | CONFIRM:http://www.ffmpeg.org/security.html | MANDRIVA:MDVSA-2014:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:227",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0849,Candidate,"The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845 | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2855 | URL:http://www.debian.org/security/2014/dsa-2855",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0850,Candidate,"The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1 | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2793 | URL:http://www.debian.org/security/2013/dsa-2793",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0851,Candidate,"The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array 
access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0852,Candidate,"The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061 | CONFIRM:http://www.ffmpeg.org/security.html | MANDRIVA:MDVSA-2014:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:227",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0853,Candidate,"The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2793 | URL:http://www.debian.org/security/2013/dsa-2793",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0854,Candidate,"The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29 | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2793 | URL:http://www.debian.org/security/2013/dsa-2793",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0855,Candidate,"Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple 
Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0856,Candidate,"The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594 | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0857,Candidate,"The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05 | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2793 | URL:http://www.debian.org/security/2013/dsa-2793",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0858,Candidate,"The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2502914c5f8eb77659d7c0868396862557a63245 | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2793 | URL:http://www.debian.org/security/2013/dsa-2793",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0859,Candidate,"The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified 
impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6d1c5ea04af3e345232aa70c944de961061dab2d | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0860,Candidate,"The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e196e4def03c7a91423803402f84d638d316c33 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=68a0477bc0af026db971ddba22541029a9e8715b | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MANDRIVA:MDVSA-2014:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:227",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0861,Candidate,"The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=43c6b45a53a186a187f7266e4d6bd3c2620519f1 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4cd1dad91ae97fe1f0dd534c3f5566787566f137 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0862,Candidate,"Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array 
access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f4fb841ad13bab66d4fb0c7ff2a94770df7815d8 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0863,Candidate,"Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=62c9beda0c189db5cb61fa772057e3af9521f293 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=89e16e675d3cbe76cf4581f98bf4ac300cab0286 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0864,Candidate,"The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an ""end pointer,"" which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9547034f9120187e23ad76424dd4d70247e62212 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0865,Candidate,"The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=08e2c7a45f82b897a285548c257972eb1ad352c5 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f3d16706060ab6ae6dc78f15359fab3fd87c9495 | 
CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2855 | URL:http://www.debian.org/security/2014/dsa-2855 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0866,Candidate,"The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47e462eecc0a47ad40f59376199f93f227e21d13 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c459c7b23efffab762560e41ad6a2c0dbbfd4915 | CONFIRM:http://www.ffmpeg.org/security.html | DEBIAN:DSA-2793 | URL:http://www.debian.org/security/2013/dsa-2793 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0867,Candidate,"The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ef1538121fa6daeb1767510f1d4ae2c306c9fec | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0868,Candidate,"libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) ""len==0 cases.""","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6baa54924980e1f0e8121e4715d16ed1adcd2a23 | 
CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=75e88db33013eaa7ab74457f5556df677b4ffb42 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0869,Candidate,"The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=eaa9d2cd6b8c1e2722d5bfc56ea67fde865200ce | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0870,Candidate,"The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a | CONFIRM:https://www.ffmpeg.org/security.html | MLIST:[oss-security] 20140208 Fwd: Old CVE ids, public, but still ""RESERVED"" | URL:http://www.openwall.com/lists/oss-security/2014/02/08/5",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0872,Candidate,"The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21cd905cd44a4bbafe8631bbaa6021d328413ce5 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0873,Candidate,"The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to ""freeing invalid 
addresses.""","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0874,Candidate,"The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1219cdaf9fb4bc8cea410e1caf802373c1bfe51 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0875,Candidate,"The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0876,Candidate,"Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0877,Candidate,"The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows 
remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=365270aec5c2b9284230abc702b11168818f14cf | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0878,Candidate,"The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f5955d9f6f9ffdb81864c3de1c7b801782a55725 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20130107),"None (candidate not yet proposed)","" CVE-2013-0894,Candidate,"Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.","CONFIRM:http://git.chromium.org/gitweb/?p=chromium/deps/ffmpeg.git;a=commit;h=e1e70d9bb9852b7d099379afc95531a632a20ba5 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2c16bf2de07c68513072bf3cc96401d2c6291a3e | CONFIRM:http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html | CONFIRM:https://code.google.com/p/chromium/issues/detail?id=168473 | SUSE:openSUSE-SU-2013:0454 | URL:http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html | UBUNTU:USN-1790-1 | URL:http://www.ubuntu.com/usn/USN-1790-1",Assigned 
(20130107),"None (candidate not yet proposed)","" CVE-2013-2276,Candidate,"The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a6449167a6da8cb747cfe3502ae86ffaac2ed48",Assigned (20130226),"None (candidate not yet proposed)","" CVE-2013-2277,Candidate,"The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a | UBUNTU:USN-1790-1 | URL:http://www.ubuntu.com/usn/USN-1790-1",Assigned (20130226),"None (candidate not yet proposed)","" CVE-2013-2495,Candidate,"The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba | UBUNTU:USN-1790-1 | URL:http://www.ubuntu.com/usn/USN-1790-1",Assigned (20130307),"None (candidate not yet proposed)","" CVE-2013-2496,Candidate,"The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows 
remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e398990eb87785e20e065cd3f14d1dbb69df4392 | UBUNTU:USN-1790-1 | URL:http://www.ubuntu.com/usn/USN-1790-1",Assigned (20130307),"None (candidate not yet proposed)","" CVE-2013-3670,Candidate,"The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb | MISC:http://ffmpeg.org/security.html",Assigned (20130524),"None (candidate not yet proposed)","" CVE-2013-3671,Candidate,"The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7edb984dd051b6919d7d8471c70499273f31b0fa | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=cc0dd86580b3257f22a4981a79eb5fa6804182b6",Assigned (20130524),"None (candidate not yet proposed)","" CVE-2013-3672,Candidate,"The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to 
cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8d3c99e825317b7efda5fd12e69896b47c700303 | MANDRIVA:MDVSA-2014:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:227",Assigned (20130524),"None (candidate not yet proposed)","" CVE-2013-3673,Candidate,"The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ee5e97c46e30fb3d6f9f78cc3313dbc06528b37 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d23b8462b5a4a9da78ed45c4a7a3b35d538df909",Assigned (20130524),"None (candidate not yet proposed)","" CVE-2013-3674,Candidate,"The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942 | MANDRIVA:MDVSA-2014:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:227",Assigned (20130524),"None (candidate not yet proposed)","" CVE-2013-3675,Candidate,"The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows 
remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915",Assigned (20130524),"None (candidate not yet proposed)","" CVE-2013-4263,Candidate,"libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted ""plane,"" which triggers an out-of-bounds heap write.","CONFIRM:http://www.ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20130821 Re: CVE Request: FFmpeg 2.0.1 multiple problems | URL:http://www.openwall.com/lists/oss-security/2013/08/21/11",Assigned (20130612),"None (candidate not yet proposed)","" CVE-2013-4264,Candidate,"The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.","CONFIRM:http://www.ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1 | CONFIRM:https://trac.ffmpeg.org/ticket/2842 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20130821 Re: CVE Request: FFmpeg 2.0.1 multiple problems | URL:http://www.openwall.com/lists/oss-security/2013/08/21/11",Assigned (20130612),"None (candidate not yet proposed)","" CVE-2013-4265,Candidate,"The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a ""wrong return code"" and a resultant NULL pointer dereference.","CONFIRM:http://www.ffmpeg.org/security.html | 
CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20130821 Re: CVE Request: FFmpeg 2.0.1 multiple problems | URL:http://www.openwall.com/lists/oss-security/2013/08/21/11",Assigned (20130612),"None (candidate not yet proposed)","" CVE-2013-4358,Candidate,"libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=072be3e8969f24113d599444be4d6a0ed04a6602 | CONFIRM:http://www.ffmpeg.org/security.html",Assigned (20130612),"None (candidate not yet proposed)","" CVE-2013-7008,Candidate,"The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f | CONFIRM:https://trac.ffmpeg.org/ticket/2927 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7009,Candidate,"The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.","CONFIRM:http://ffmpeg.org/security.html | 
CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34 | CONFIRM:https://trac.ffmpeg.org/ticket/2850 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7010,Candidate,"Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760 | DEBIAN:DSA-2855 | URL:http://www.debian.org/security/2014/dsa-2855 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7011,Candidate,"The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445 | CONFIRM:https://trac.ffmpeg.org/ticket/2906 | GENTOO:GLSA-201603-06 | 
URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7012,Candidate,"The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a | CONFIRM:https://trac.ffmpeg.org/ticket/3080 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7013,Candidate,"The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0 | CONFIRM:https://trac.ffmpeg.org/ticket/2922 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE 
Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7014,Candidate,"Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07 | CONFIRM:https://trac.ffmpeg.org/ticket/2919 | DEBIAN:DSA-2855 | URL:http://www.debian.org/security/2014/dsa-2855 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7015,Candidate,"The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446 | CONFIRM:https://trac.ffmpeg.org/ticket/2844 | DEBIAN:DSA-2855 | URL:http://www.debian.org/security/2014/dsa-2855 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 
multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7016,Candidate,"The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f | CONFIRM:https://trac.ffmpeg.org/ticket/2848 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7017,Candidate,"libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/912ce9dd2080c5837285a471d750fa311e09b555 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7018,Candidate,"libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or 
possibly have unspecified other impact via crafted JPEG2000 data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/9a271a9368eaabf99e6c2046103acb33957e63b7 | CONFIRM:https://trac.ffmpeg.org/ticket/2895 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7019,Candidate,"The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d | CONFIRM:https://trac.ffmpeg.org/ticket/2898 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7020,Candidate,"The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f | DEBIAN:DSA-3027 | 
URL:http://www.debian.org/security/2014/dsa-3027 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MANDRIVA:MDVSA-2014:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:227 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3 | SECUNIA:61389 | URL:http://secunia.com/advisories/61389",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7021,Candidate,"The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2 | CONFIRM:https://trac.ffmpeg.org/ticket/2905 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7022,Candidate,"The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd | CONFIRM:https://trac.ffmpeg.org/ticket/2971 | GENTOO:GLSA-201603-06 | 
URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7023,Candidate,"The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/f31011e9abfb2ae75bb32bc44e2c34194c8dc40a | CONFIRM:https://trac.ffmpeg.org/ticket/2982 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2013-7024,Candidate,"The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9 | CONFIRM:https://trac.ffmpeg.org/ticket/2921 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/11/26/7 | MLIST:[oss-security] 
20131208 Re: CVE Request: FFmpeg 2.1 multiple problems | URL:http://openwall.com/lists/oss-security/2013/12/08/3",Assigned (20131208),"None (candidate not yet proposed)","" CVE-2014-2097,Candidate,"The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f58eab151214d2d35ff0973f2b3e51c5eb372da4 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20140224),"None (candidate not yet proposed)","" CVE-2014-2098,Candidate,"libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20140224),"None (candidate not yet proposed)","" CVE-2014-2099,Candidate,"The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2",Assigned (20140224),"None (candidate not yet proposed)","" CVE-2014-2263,Candidate,"The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an 
out-of-bounds write.","BID:65560 | URL:http://www.securityfocus.com/bid/65560 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | SECTRACK:1029850 | URL:http://www.securitytracker.com/id/1029850 | SECUNIA:56971 | URL:http://secunia.com/advisories/56971 | XF:ffmpeg-mpegtswritepmt-bo(91174) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/91174",Assigned (20140228),"None (candidate not yet proposed)","" CVE-2014-3157,Candidate,"Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.","BID:67972 | URL:http://www.securityfocus.com/bid/67972 | CONFIRM:http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html | CONFIRM:https://code.google.com/p/chromium/issues/detail?id=368980 | CONFIRM:https://src.chromium.org/viewvc/chrome?revision=268831&view=revision | DEBIAN:DSA-2959 | URL:http://www.debian.org/security/2014/dsa-2959 | GENTOO:GLSA-201408-16 | URL:http://security.gentoo.org/glsa/glsa-201408-16.xml | SECUNIA:58585 | URL:http://secunia.com/advisories/58585 | SECUNIA:59090 | URL:http://secunia.com/advisories/59090 | SECUNIA:60061 | URL:http://secunia.com/advisories/60061 | SECUNIA:60372 | URL:http://secunia.com/advisories/60372",Assigned (20140503),"None (candidate not yet proposed)","" CVE-2014-4610,Candidate,"Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal 
Run.","MISC:http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html | MISC:http://www.openwall.com/lists/oss-security/2014/06/26/23 | MISC:https://www.ffmpeg.org/security.html",Assigned (20140623),"None (candidate not yet proposed)","" CVE-2014-5271,Candidate,"Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.","BID:69250 | URL:http://www.securityfocus.com/bid/69250 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803 | CONFIRM:https://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | OSVDB:111725 | URL:http://www.osvdb.org/111725",Assigned (20140815),"None (candidate not yet proposed)","" CVE-2014-5272,Candidate,"libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abc1fa7c5a1dca1345b9471b81cfcda00c56220d | CONFIRM:https://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[oss-security] 20140816 Re: CVE request: FFmpeg issues | URL:http://www.openwall.com/lists/oss-security/2014/08/16/6",Assigned (20140815),"None (candidate not yet proposed)","" CVE-2014-7933,Candidate,"Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that 
triggers improper maintenance of tracks data.","BID:72288 | URL:http://www.securityfocus.com/bid/72288 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682 | CONFIRM:http://googlechromereleases.blogspot.com/2015/01/stable-update.html | CONFIRM:https://code.google.com/p/chromium/issues/detail?id=427266 | GENTOO:GLSA-201502-13 | URL:http://security.gentoo.org/glsa/glsa-201502-13.xml | REDHAT:RHSA-2015:0093 | URL:http://rhn.redhat.com/errata/RHSA-2015-0093.html | SECTRACK:1031623 | URL:http://www.securitytracker.com/id/1031623 | SECUNIA:62383 | URL:http://secunia.com/advisories/62383 | SECUNIA:62575 | URL:http://secunia.com/advisories/62575 | SECUNIA:62665 | URL:http://secunia.com/advisories/62665 | SUSE:openSUSE-SU-2015:0441 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html | UBUNTU:USN-2476-1 | URL:http://www.ubuntu.com/usn/USN-2476-1",Assigned (20141006),"None (candidate not yet proposed)","" CVE-2014-7937,Candidate,"Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.","BID:72288 | URL:http://www.securityfocus.com/bid/72288 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057 | CONFIRM:http://googlechromereleases.blogspot.com/2015/01/stable-update.html | CONFIRM:https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/d4608b7c83f56b17f14fdd94990341f62bb52f92 | CONFIRM:https://code.google.com/p/chromium/issues/detail?id=419060 | GENTOO:GLSA-201502-13 | URL:http://security.gentoo.org/glsa/glsa-201502-13.xml | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | REDHAT:RHSA-2015:0093 | URL:http://rhn.redhat.com/errata/RHSA-2015-0093.html | SECTRACK:1031623 | URL:http://www.securitytracker.com/id/1031623 | 
SECUNIA:62383 | URL:http://secunia.com/advisories/62383 | SECUNIA:62575 | URL:http://secunia.com/advisories/62575 | SECUNIA:62665 | URL:http://secunia.com/advisories/62665 | SUSE:openSUSE-SU-2015:0441 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html | UBUNTU:USN-2476-1 | URL:http://www.ubuntu.com/usn/USN-2476-1",Assigned (20141006),"None (candidate not yet proposed)","" CVE-2014-8541,Candidate,"libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20141030),"None (candidate not yet proposed)","" CVE-2014-8542,Candidate,"libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html | UBUNTU:USN-2534-1 | URL:http://www.ubuntu.com/usn/USN-2534-1",Assigned (20141030),"None (candidate not yet proposed)","" CVE-2014-8543,Candidate,"libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of 
image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | UBUNTU:USN-2534-1 | URL:http://www.ubuntu.com/usn/USN-2534-1",Assigned (20141030),"None (candidate not yet proposed)","" CVE-2014-8544,Candidate,"libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | UBUNTU:USN-2534-1 | URL:http://www.ubuntu.com/usn/USN-2534-1",Assigned (20141030),"None (candidate not yet proposed)","" CVE-2014-8545,Candidate,"libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20141030),"None (candidate not yet proposed)","" CVE-2014-8546,Candidate,"Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video 
data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20141030),"None (candidate not yet proposed)","" CVE-2014-8547,Candidate,"libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | UBUNTU:USN-2534-1 | URL:http://www.ubuntu.com/usn/USN-2534-1",Assigned (20141030),"None (candidate not yet proposed)","" CVE-2014-8548,Candidate,"Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | UBUNTU:USN-2534-1 | URL:http://www.ubuntu.com/usn/USN-2534-1",Assigned (20141030),"None (candidate not yet proposed)","" CVE-2014-8549,Candidate,"libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3 | CONFIRM:http://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20141030),"None 
(candidate not yet proposed)","" CVE-2014-9316,Candidate,"The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844 | CONFIRM:https://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20141207),"None (candidate not yet proposed)","" CVE-2014-9317,Candidate,"The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8 | CONFIRM:https://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html",Assigned (20141207),"None (candidate not yet proposed)","" CVE-2014-9318,Candidate,"The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff | CONFIRM:https://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned 
(20141207),"None (candidate not yet proposed)","" CVE-2014-9319,Candidate,"The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c | CONFIRM:https://www.ffmpeg.org/security.html | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20141207),"None (candidate not yet proposed)","" CVE-2014-9602,Candidate,"libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=93a5a16f136d095d23610f57bdad10ba88120fba | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20150116),"None (candidate not yet proposed)","" CVE-2014-9603,Candidate,"The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06",Assigned (20150116),"None (candidate not yet proposed)","" CVE-2014-9604,Candidate,"libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via 
crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | UBUNTU:USN-2534-1 | URL:http://www.ubuntu.com/usn/USN-2534-1",Assigned (20150116),"None (candidate not yet proposed)","" CVE-2014-9676,Candidate,"The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service (""invalid memory handler"") and possibly execute arbitrary code via a crafted video that triggers a use after free.","GENTOO:GLSA-201606-09 | URL:https://security.gentoo.org/glsa/201606-09 | MLIST:[oss-security] 20150104 Vulnerability Report - from QIHU 360 China | URL:http://seclists.org/oss-sec/2015/q1/38",Assigned (20150212),"None (candidate not yet proposed)","" CVE-2015-1207,Candidate,"Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.","CONFIRM:https://bugs.chromium.org/p/chromium/issues/detail?id=444539 | CONFIRM:https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9 | MLIST:[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html",Assigned (20150121),"None (candidate not yet proposed)","" CVE-2015-1208,Candidate,"Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0 | CONFIRM:https://bugs.chromium.org/p/chromium/issues/detail?id=444546 | 
CONFIRM:https://github.com/FFmpeg/FFmpeg/blob/n2.4.6/Changelog",Assigned (20150121),"None (candidate not yet proposed)","" CVE-2015-1872,Candidate,"The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.","BID:72644 | URL:http://www.securityfocus.com/bid/72644 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037 | MLIST:[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html | SECTRACK:1033078 | URL:http://www.securitytracker.com/id/1033078 | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20150217),"None (candidate not yet proposed)","" CVE-2015-3395,Candidate,"The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.","BID:74433 | URL:http://www.securityfocus.com/bid/74433 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7e1367f58263593e6cee3c282f7277d7ee9d553 | CONFIRM:https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4 | CONFIRM:https://www.ffmpeg.org/security.html | DEBIAN:DSA-3288 | URL:http://www.debian.org/security/2015/dsa-3288 | GENTOO:GLSA-201603-06 | URL:https://security.gentoo.org/glsa/201603-06 | GENTOO:GLSA-201705-08 | URL:https://security.gentoo.org/glsa/201705-08 | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20150421),"None (candidate not yet proposed)","" 
CVE-2015-3417,Candidate,"Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.","BID:74385 | URL:http://www.securityfocus.com/bid/74385 | CONFIRM:https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214 | DEBIAN:DSA-3288 | URL:http://www.debian.org/security/2015/dsa-3288 | FULLDISC:20150414 several issues in SQLite (+ catching up on several other bugs) | URL:http://seclists.org/fulldisclosure/2015/Apr/31 | GENTOO:GLSA-201705-08 | URL:https://security.gentoo.org/glsa/201705-08 | SECTRACK:1032198 | URL:http://www.securitytracker.com/id/1032198",Assigned (20150424),"None (candidate not yet proposed)","" CVE-2015-6761,Candidate,"The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.","BID:77073 | URL:http://www.securityfocus.com/bid/77073 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dabea74d0e82ea80cd344f630497cafcb3ef872c | CONFIRM:http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html | CONFIRM:https://code.google.com/p/chromium/issues/detail?id=447860 | CONFIRM:https://code.google.com/p/chromium/issues/detail?id=532967 | CONFIRM:https://codereview.chromium.org/1376913003 | DEBIAN:DSA-3376 | URL:http://www.debian.org/security/2015/dsa-3376 | GENTOO:GLSA-201603-09 | URL:https://security.gentoo.org/glsa/201603-09 | MLIST:[debian-lts-announce] 20181220 
[SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | REDHAT:RHSA-2015:1912 | URL:http://rhn.redhat.com/errata/RHSA-2015-1912.html | SECTRACK:1033816 | URL:http://www.securitytracker.com/id/1033816 | UBUNTU:USN-2770-1 | URL:http://www.ubuntu.com/usn/USN-2770-1 | UBUNTU:USN-2770-2 | URL:http://www.ubuntu.com/usn/USN-2770-2",Assigned (20150831),"None (candidate not yet proposed)","" CVE-2015-6818,Candidate,"The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SECTRACK:1033483 | URL:http://www.securitytracker.com/id/1033483 | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20150905),"None (candidate not yet proposed)","" CVE-2015-6819,Candidate,"Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=84afc6b70d24fc0bf686e43138c96cf60a9445fe | SECTRACK:1033483 | URL:http://www.securitytracker.com/id/1033483",Assigned (20150905),"None (candidate not yet proposed)","" CVE-2015-6820,Candidate,"The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame 
syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SECTRACK:1033483 | URL:http://www.securitytracker.com/id/1033483 | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20150905),"None (candidate not yet proposed)","" CVE-2015-6821,Candidate,"The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SECTRACK:1033483 | URL:http://www.securitytracker.com/id/1033483",Assigned (20150905),"None (candidate not yet proposed)","" CVE-2015-6822,Candidate,"The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4 | MLIST:[debian-lts-announce] 20181220 
[SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | MLIST:[debian-lts-announce] 20181221 [SECURITY] [DLA 1611-2] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00010.html | SECTRACK:1033483 | URL:http://www.securitytracker.com/id/1033483",Assigned (20150905),"None (candidate not yet proposed)","" CVE-2015-6823,Candidate,"The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f7068bf277a37479aecde2832208d820682b35e6 | MLIST:[debian-lts-announce] 20181221 [SECURITY] [DLA 1611-2] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00010.html | SECTRACK:1033483 | URL:http://www.securitytracker.com/id/1033483",Assigned (20150905),"None (candidate not yet proposed)","" CVE-2015-6824,Candidate,"The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111 | MLIST:[debian-lts-announce] 20181221 [SECURITY] [DLA 1611-2] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00010.html | SECTRACK:1033483 | URL:http://www.securitytracker.com/id/1033483 | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20150905),"None (candidate not yet proposed)","" CVE-2015-6825,Candidate,"The ff_frame_thread_init 
function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SECTRACK:1033483 | URL:http://www.securitytracker.com/id/1033483",Assigned (20150905),"None (candidate not yet proposed)","" CVE-2015-6826,Candidate,"The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.","CONFIRM:http://ffmpeg.org/security.html | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SECTRACK:1033483 | URL:http://www.securitytracker.com/id/1033483 | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20150905),"None (candidate not yet proposed)","" CVE-2015-8216,Candidate,"The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d24888ef19ba38b787b11d1ee091a3d94920c76a | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 
1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SUSE:openSUSE-SU-2015:2120 | URL:http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html",Assigned (20151116),"None (candidate not yet proposed)","" CVE-2015-8217,Candidate,"The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=93f30f825c08477fe8f76be00539e96014cc83c8 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SUSE:openSUSE-SU-2015:2120 | URL:http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html",Assigned (20151116),"None (candidate not yet proposed)","" CVE-2015-8218,Candidate,"The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46 | SUSE:openSUSE-SU-2015:2120 | URL:http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html",Assigned (20151116),"None (candidate not yet proposed)","" CVE-2015-8219,Candidate,"The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 
data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=43492ff3ab68a343c1264801baa1d5a02de10167 | SUSE:openSUSE-SU-2015:2120 | URL:http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html",Assigned (20151116),"None (candidate not yet proposed)","" CVE-2015-8363,Candidate,"The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SUSE:openSUSE-SU-2015:2370 | URL:http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html",Assigned (20151126),"None (candidate not yet proposed)","" CVE-2015-8364,Candidate,"Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SUSE:openSUSE-SU-2015:2370 | URL:http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20151126),"None (candidate not yet proposed)","" CVE-2015-8365,Candidate,"The smka_decode_frame function 
in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892 | DEBIAN:DSA-4012 | URL:http://www.debian.org/security/2017/dsa-4012 | SUSE:openSUSE-SU-2015:2370 | URL:http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20151126),"None (candidate not yet proposed)","" CVE-2015-8480,Candidate,"The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact by leveraging improper interaction with the vp3_h_loop_filter_c function in libavcodec/vp3dsp.c in FFmpeg.","CONFIRM:http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html | CONFIRM:https://code.google.com/p/chromium/issues/detail?id=514759",Assigned (20151205),"None (candidate not yet proposed)","" CVE-2015-8661,Candidate,"The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | 
SECTRACK:1034539 | URL:http://www.securitytracker.com/id/1034539 | SUSE:openSUSE-SU-2016:0089 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html",Assigned (20151223),"None (candidate not yet proposed)","" CVE-2015-8662,Candidate,"The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SECTRACK:1034539 | URL:http://www.securitytracker.com/id/1034539 | SUSE:openSUSE-SU-2016:0089 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html",Assigned (20151223),"None (candidate not yet proposed)","" CVE-2015-8663,Candidate,"The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | SECTRACK:1034539 | URL:http://www.securitytracker.com/id/1034539 | SUSE:openSUSE-SU-2016:0089 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html",Assigned (20151223),"None (candidate not yet proposed)","" CVE-2016-10190,Candidate,"Heap-based buffer overflow in libavformat/http.c in FFmpeg before 
2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.","BID:95986 | URL:http://www.securityfocus.com/bid/95986 | CONFIRM:https://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa | CONFIRM:https://trac.ffmpeg.org/ticket/5992 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | MLIST:[oss-security] 20170201 CVE Request: ffmpeg remote exploitaion results code execution | URL:http://www.openwall.com/lists/oss-security/2017/01/31/12 | MLIST:[oss-security] 20170202 Re: CVE Request: ffmpeg remote exploitaion results code execution | URL:http://www.openwall.com/lists/oss-security/2017/02/02/1",Assigned (20170201),"None (candidate not yet proposed)","" CVE-2016-10191,Candidate,"Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.","BID:95989 | URL:http://www.securityfocus.com/bid/95989 | CONFIRM:https://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7 | MLIST:[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | MLIST:[oss-security] 20170201 CVE Request: ffmpeg remote exploitaion results code execution | URL:http://www.openwall.com/lists/oss-security/2017/01/31/12 | MLIST:[oss-security] 20170202 Re: CVE Request: ffmpeg remote exploitaion results code execution | URL:http://www.openwall.com/lists/oss-security/2017/02/02/1",Assigned (20170201),"None (candidate not yet proposed)","" CVE-2016-10192,Candidate,"Heap-based buffer 
overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.","BID:95991 | URL:http://www.securityfocus.com/bid/95991 | CONFIRM:https://ffmpeg.org/security.html | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156 | MLIST:[oss-security] 20170201 CVE Request: ffmpeg remote exploitaion results code execution | URL:http://www.openwall.com/lists/oss-security/2017/01/31/12 | MLIST:[oss-security] 20170202 Re: CVE Request: ffmpeg remote exploitaion results code execution | URL:http://www.openwall.com/lists/oss-security/2017/02/02/1",Assigned (20170201),"None (candidate not yet proposed)","" CVE-2016-1897,Candidate,"FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.","BID:80501 | URL:http://www.securityfocus.com/bid/80501 | CERT-VN:VU#772447 | URL:https://www.kb.cert.org/vuls/id/772447 | DEBIAN:DSA-3506 | URL:http://www.debian.org/security/2016/dsa-3506 | GENTOO:GLSA-201606-09 | URL:https://security.gentoo.org/glsa/201606-09 | GENTOO:GLSA-201705-08 | URL:https://security.gentoo.org/glsa/201705-08 | MISC:http://habrahabr.ru/company/mailru/blog/274855 | MISC:http://security.stackexchange.com/questions/110644 | MLIST:[oss-security] 20160114 Re: Fwd: FFmpeg: stealing local files with HLS+concat | URL:http://www.openwall.com/lists/oss-security/2016/01/14/1 | SECTRACK:1034932 | URL:http://www.securitytracker.com/id/1034932 | SLACKWARE:SSA:2016-034-02 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036 | SUSE:openSUSE-SU-2016:0243 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html | UBUNTU:USN-2944-1 | 
URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20160114),"None (candidate not yet proposed)","" CVE-2016-1898,Candidate,"FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.","BID:80501 | URL:http://www.securityfocus.com/bid/80501 | CERT-VN:VU#772447 | URL:https://www.kb.cert.org/vuls/id/772447 | DEBIAN:DSA-3506 | URL:http://www.debian.org/security/2016/dsa-3506 | GENTOO:GLSA-201606-09 | URL:https://security.gentoo.org/glsa/201606-09 | GENTOO:GLSA-201705-08 | URL:https://security.gentoo.org/glsa/201705-08 | MISC:http://habrahabr.ru/company/mailru/blog/274855 | MLIST:[oss-security] 20160114 Re: Fwd: FFmpeg: stealing local files with HLS+concat | URL:http://www.openwall.com/lists/oss-security/2016/01/14/1 | SECTRACK:1034932 | URL:http://www.securitytracker.com/id/1034932 | SLACKWARE:SSA:2016-034-02 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036 | SUSE:openSUSE-SU-2016:0243 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20160114),"None (candidate not yet proposed)","" CVE-2016-2213,Candidate,"The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4 | GENTOO:GLSA-201606-09 | URL:https://security.gentoo.org/glsa/201606-09 | SECTRACK:1034923 | URL:http://www.securitytracker.com/id/1034923",Assigned (20160203),"None (candidate not yet proposed)","" CVE-2016-2326,Candidate,"Integer overflow in the asf_write_packet function in libavformat/asfenc.c in 
FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.","BID:84165 | URL:http://www.securityfocus.com/bid/84165 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2 | DEBIAN:DSA-3506 | URL:http://www.debian.org/security/2016/dsa-3506 | GENTOO:GLSA-201606-09 | URL:https://security.gentoo.org/glsa/201606-09 | GENTOO:GLSA-201705-08 | URL:https://security.gentoo.org/glsa/201705-08 | SECTRACK:1035010 | URL:http://www.securitytracker.com/id/1035010 | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20160211),"None (candidate not yet proposed)","" CVE-2016-2327,Candidate,"libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589 | GENTOO:GLSA-201606-09 | URL:https://security.gentoo.org/glsa/201606-09 | SECTRACK:1035010 | URL:http://www.securitytracker.com/id/1035010",Assigned (20160211),"None (candidate not yet proposed)","" CVE-2016-2328,Candidate,"libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.","CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718 | 
CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5 | GENTOO:GLSA-201606-09 | URL:https://security.gentoo.org/glsa/201606-09 | SECTRACK:1035010 | URL:http://www.securitytracker.com/id/1035010",Assigned (20160211),"None (candidate not yet proposed)","" CVE-2016-2329,Candidate,"libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.","BID:84212 | URL:http://www.securityfocus.com/bid/84212 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd | GENTOO:GLSA-201606-09 | URL:https://security.gentoo.org/glsa/201606-09 | SECTRACK:1035010 | URL:http://www.securitytracker.com/id/1035010 | SUSE:openSUSE-SU-2016:0528 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00129.html",Assigned (20160211),"None (candidate not yet proposed)","" CVE-2016-2330,Candidate,"libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.","BID:84217 | URL:http://www.securityfocus.com/bid/84217 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777 | GENTOO:GLSA-201606-09 | URL:https://security.gentoo.org/glsa/201606-09 | SECTRACK:1035010 | URL:http://www.securitytracker.com/id/1035010 | UBUNTU:USN-2944-1 | URL:http://www.ubuntu.com/usn/USN-2944-1",Assigned (20160211),"None (candidate not yet proposed)","" CVE-2016-2839,Candidate,"Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make 
cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.","BID:92261 | URL:http://www.securityfocus.com/bid/92261 | CONFIRM:http://www.mozilla.org/security/announce/2016/mfsa2016-65.html | CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=1275339 | GENTOO:GLSA-201701-15 | URL:https://security.gentoo.org/glsa/201701-15 | SECTRACK:1036508 | URL:http://www.securitytracker.com/id/1036508 | SUSE:openSUSE-SU-2016:1964 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html | SUSE:openSUSE-SU-2016:2026 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html | UBUNTU:USN-3044-1 | URL:http://www.ubuntu.com/usn/USN-3044-1",Assigned (20160301),"None (candidate not yet proposed)","" CVE-2016-3062,Candidate,"The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.","CONFIRM:https://bugzilla.libav.org/show_bug.cgi?id=929 | CONFIRM:https://ffmpeg.org/security.html | CONFIRM:https://git.libav.org/?p=libav.git;a=commit;h=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746 | CONFIRM:https://libav.org/releases/libav-11.7.changelog | DEBIAN:DSA-3603 | URL:http://www.debian.org/security/2016/dsa-3603 | GENTOO:GLSA-201705-08 | URL:https://security.gentoo.org/glsa/201705-08 | SUSE:openSUSE-SU-2016:1685 | URL:http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html",Assigned (20160309),"None (candidate not yet proposed)","" CVE-2016-5199,Candidate,"An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 
for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.","BID:94196 | URL:http://www.securityfocus.com/bid/94196 | CONFIRM:https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html | CONFIRM:https://crbug.com/643948 | GENTOO:GLSA-201611-16 | URL:https://security.gentoo.org/glsa/201611-16 | REDHAT:RHSA-2016:2718 | URL:http://rhn.redhat.com/errata/RHSA-2016-2718.html | SECTRACK:1037273 | URL:http://www.securitytracker.com/id/1037273",Assigned (20160531),"None (candidate not yet proposed)","" CVE-2016-6164,Candidate,"Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.","BID:95862 | URL:http://www.securityfocus.com/bid/95862 | CONFIRM:http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823 | CONFIRM:https://www.ffmpeg.org/security.html",Assigned (20160705),"None (candidate not yet proposed)","" CVE-2016-6671,Candidate,"The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.","BID:92447 | URL:http://www.securityfocus.com/bid/92447 | MLIST:[oss-security] 20160812 [CVE-2016-6671] ffmpeg buffer overflow when decoding swf | URL:http://www.openwall.com/lists/oss-security/2016/08/12/6",Assigned (20160811),"None (candidate not yet proposed)","" CVE-2016-6881,Candidate,"The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.","BID:93163 | URL:http://www.securityfocus.com/bid/93163 | MLIST:[oss-security] 20160926 [CVE-2016-6881] ffmpeg endless loop when dealing with craft swf file. 
| URL:http://www.openwall.com/lists/oss-security/2016/09/26/6",Assigned (20160819),"None (candidate not yet proposed)","" CVE-2016-6920,Candidate,"Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.","BID:92664 | URL:http://www.securityfocus.com/bid/92664 | BID:92790 | URL:http://www.securityfocus.com/bid/92790 | BUGTRAQ:20160907 CVE-2016-6920 ffmpeg exr file Heap Overflow | URL:http://www.securityfocus.com/archive/1/539368/100/0/threaded | CONFIRM:http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137 | CONFIRM:https://www.ffmpeg.org/security.html | MISC:http://packetstormsecurity.com/files/138618/ffmpeg-3.1.2-Heap-Overflow.html",Assigned (20160823),"None (candidate not yet proposed)","" CVE-2016-7122,Candidate,"The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.","BID:94839 | URL:http://www.securityfocus.com/bid/94839 | GENTOO:GLSA-201701-71 | URL:https://security.gentoo.org/glsa/201701-71 | MLIST:[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905] | URL:http://www.openwall.com/lists/oss-security/2016/10/08/1",Assigned (20160902),"None (candidate not yet proposed)","" CVE-2016-7450,Candidate,"The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.","BID:94841 | URL:http://www.securityfocus.com/bid/94841 | GENTOO:GLSA-201701-71 | URL:https://security.gentoo.org/glsa/201701-71 | MLIST:[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905] | 
URL:http://www.openwall.com/lists/oss-security/2016/10/08/1",Assigned (20160909),"None (candidate not yet proposed)","" CVE-2016-7502,Candidate,"The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.","BID:94834 | URL:http://www.securityfocus.com/bid/94834 | GENTOO:GLSA-201701-71 | URL:https://security.gentoo.org/glsa/201701-71 | MLIST:[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905] | URL:http://www.openwall.com/lists/oss-security/2016/10/08/1",Assigned (20160909),"None (candidate not yet proposed)","" CVE-2016-7555,Candidate,"The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted ""strh"" structure.","BID:94838 | URL:http://www.securityfocus.com/bid/94838 | GENTOO:GLSA-201701-71 | URL:https://security.gentoo.org/glsa/201701-71 | MLIST:[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905] | URL:http://www.openwall.com/lists/oss-security/2016/10/08/1",Assigned (20160909),"None (candidate not yet proposed)","" CVE-2016-7562,Candidate,"The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.","BID:94835 | URL:http://www.securityfocus.com/bid/94835 | GENTOO:GLSA-201701-71 | URL:https://security.gentoo.org/glsa/201701-71 | MLIST:[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905] | URL:http://www.openwall.com/lists/oss-security/2016/10/08/1",Assigned (20160909),"None (candidate not yet proposed)","" CVE-2016-7785,Candidate,"The avi_read_seek function in 
libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.","BID:94833 | URL:http://www.securityfocus.com/bid/94833 | GENTOO:GLSA-201701-71 | URL:https://security.gentoo.org/glsa/201701-71 | MLIST:[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905] | URL:http://www.openwall.com/lists/oss-security/2016/10/08/1",Assigned (20160909),"None (candidate not yet proposed)","" CVE-2016-7905,Candidate,"The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.","BID:94837 | URL:http://www.securityfocus.com/bid/94837 | GENTOO:GLSA-201701-71 | URL:https://security.gentoo.org/glsa/201701-71 | MLIST:[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905] | URL:http://www.openwall.com/lists/oss-security/2016/10/08/1",Assigned (20160909),"None (candidate not yet proposed)","" CVE-2016-8595,Candidate,"The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.","BID:94757 | URL:http://www.securityfocus.com/bid/94757 | MLIST:[oss-security] 20161208 [CVE-2016-8595] ffmpeg crashes with an assert | URL:http://www.openwall.com/lists/oss-security/2016/12/08/2",Assigned (20161011),"None (candidate not yet proposed)","" CVE-2016-9561,Candidate,"The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.","BID:94756 | URL:http://www.securityfocus.com/bid/94756 | MLIST:[oss-security] 20161208 [CVE-2016-9561] ffmpeg crashes on decoding MOV file | 
URL:http://www.openwall.com/lists/oss-security/2016/12/08/1",Assigned (20161122),"None (candidate not yet proposed)","" CVE-2017-1000460,Candidate,"In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.","MISC:https://bugzilla.libav.org/show_bug.cgi?id=952 | MISC:https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c | MISC:https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html | MLIST:[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html",Assigned (20180103),"None (candidate not yet proposed)","" CVE-2017-11399,Candidate,"Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.","BID:100019 | URL:http://www.securityfocus.com/bid/100019 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0 | DEBIAN:DSA-3957 | URL:http://www.debian.org/security/2017/dsa-3957 | MISC:https://github.com/FFmpeg/FFmpeg/commit/96349da5ec8eda9f0368446e557fe0c8ba0e66b7",Assigned (20170717),"None (candidate not yet proposed)","" CVE-2017-11665,Candidate,"The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.","BID:100017 | URL:http://www.securityfocus.com/bid/100017 | DEBIAN:DSA-3957 | URL:http://www.debian.org/security/2017/dsa-3957 | MISC:https://github.com/FFmpeg/FFmpeg/commit/ffcc82219cef0928bed2d558b19ef6ea35634130",Assigned (20170726),"None 
(candidate not yet proposed)","" CVE-2017-11719,Candidate,"The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.","BID:100020 | URL:http://www.securityfocus.com/bid/100020 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92 | DEBIAN:DSA-3957 | URL:http://www.debian.org/security/2017/dsa-3957 | MISC:https://github.com/FFmpeg/FFmpeg/commit/f31fc4755f69ab26bf6e8be47875b7dcede8e29e",Assigned (20170727),"None (candidate not yet proposed)","" CVE-2017-14054,Candidate,"In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large ""len"" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.","BID:100627 | URL:http://www.securityfocus.com/bid/100627 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49 | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996",Assigned (20170831),"None (candidate not yet proposed)","" CVE-2017-14055,Candidate,"In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. 
When a crafted MV file, which claims a large ""nb_frames"" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.","BID:100626 | URL:http://www.securityfocus.com/bid/100626 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996 | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20170831),"None (candidate not yet proposed)","" CVE-2017-14056,Candidate,"In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large ""frame_count"" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.","BID:100628 | URL:http://www.securityfocus.com/bid/100628 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996 | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20170831),"None (candidate not yet proposed)","" CVE-2017-14057,Candidate,"In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. 
When a crafted ASF file, which claims a large ""name_len"" or ""count"" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.","BID:100630 | URL:http://www.securityfocus.com/bid/100630 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329 | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996 | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20170831),"None (candidate not yet proposed)","" CVE-2017-14058,Candidate,"In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).","BID:100629 | URL:http://www.securityfocus.com/bid/100629 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996 | MISC:https://github.com/FFmpeg/FFmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15af | MLIST:[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html",Assigned (20170831),"None (candidate not yet proposed)","" CVE-2017-14059,Candidate,"In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. 
When a crafted CINE file, which claims a large ""duration"" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.","BID:100631 | URL:http://www.securityfocus.com/bid/100631 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6 | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996",Assigned (20170831),"None (candidate not yet proposed)","" CVE-2017-14169,Candidate,"In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large ""item_num"" field such as 0xffffffff, is provided. As a result, the variable ""item_num"" turns negative, bypassing the check for a large value.","BID:100692 | URL:http://www.securityfocus.com/bid/100692 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/a4e85b2e1c8d5b4bf0091157bbdeb0e457fb7b8f | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996 | MLIST:[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html",Assigned (20170907),"None (candidate not yet proposed)","" CVE-2017-14170,Candidate,"In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large ""nb_index_entries"" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. 
Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.","BID:100700 | URL:http://www.securityfocus.com/bid/100700 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2 | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996 | MISC:https://github.com/FFmpeg/FFmpeg/commit/f173cdfe669556aa92857adafe60cbe5f2aa1210 | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20170907),"None (candidate not yet proposed)","" CVE-2017-14171,Candidate,"In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large ""table_entries_used"" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.","BID:100706 | URL:http://www.securityfocus.com/bid/100706 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7 | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996 | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20170907),"None (candidate not yet proposed)","" CVE-2017-14222,Candidate,"In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. 
When a crafted MOV file, which claims a large ""item_count"" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.","BID:100701 | URL:http://www.securityfocus.com/bid/100701 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382 | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996",Assigned (20170908),"None (candidate not yet proposed)","" CVE-2017-14223,Candidate,"In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large ""ict"" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.","BID:100703 | URL:http://www.securityfocus.com/bid/100703 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97 | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996 | MLIST:[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html",Assigned (20170908),"None (candidate not yet proposed)","" CVE-2017-14225,Candidate,"The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. 
(It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)","BID:100704 | URL:http://www.securityfocus.com/bid/100704 | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996 | MISC:https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2 | MISC:https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-August/215198.html",Assigned (20170908),"None (candidate not yet proposed)","" CVE-2017-14767,Candidate,"The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.","BID:101019 | URL:http://www.securityfocus.com/bid/101019 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d | DEBIAN:DSA-3996 | URL:http://www.debian.org/security/2017/dsa-3996 | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20170927),"None (candidate not yet proposed)","" CVE-2017-14795,Candidate,"The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.","MISC:https://github.com/leonzhao7/vulnerability/blob/master/An%20Out-of-Bounds%20Read%20%28DoS%29%20Vulnerability%20in%20hevc.c%20of%20libbpg.md",Assigned (20170927),"None (candidate not yet proposed)","" CVE-2017-14796,Candidate,"The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of 
service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.","MISC:https://github.com/leonzhao7/vulnerability/blob/master/An%20integer%20underflow%20vulnerability%20in%20sao_filter_CTB%20of%20libbpg.md",Assigned (20170927),"None (candidate not yet proposed)","" CVE-2017-15186,Candidate,"Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.","BID:101518 | URL:http://www.securityfocus.com/bid/101518 | DEBIAN:DSA-4049 | URL:https://www.debian.org/security/2017/dsa-4049 | MLIST:[oss-security] 20171020 [CVE-2017-15186]: ffmpeg: Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder | URL:http://www.openwall.com/lists/oss-security/2017/10/20/4",Assigned (20171009),"None (candidate not yet proposed)","" CVE-2017-15672,Candidate,"The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.","BID:101690 | URL:http://www.securityfocus.com/bid/101690 | CONFIRM:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904 | DEBIAN:DSA-4049 | URL:https://www.debian.org/security/2017/dsa-4049 | MISC:https://github.com/FFmpeg/FFmpeg/commit/d893253fcd93d11258e98857175e93be7d158708 | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html | MLIST:[oss-security] 20171103 [CVE-2017-15672]: ffmpeg: read out of bounds of buffer when it parsing an craft mp4 file. 
| URL:http://www.openwall.com/lists/oss-security/2017/11/03/4",Assigned (20171020),"None (candidate not yet proposed)","" CVE-2017-16069,Candidate,"nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.","MISC:https://nodesecurity.io/advisories/508",Assigned (20171029),"None (candidate not yet proposed)","" CVE-2017-16840,Candidate,"The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.","BID:101924 | URL:http://www.securityfocus.com/bid/101924 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1 | DEBIAN:DSA-4049 | URL:https://www.debian.org/security/2017/dsa-4049 | MISC:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74",Assigned (20171115),"None (candidate not yet proposed)","" CVE-2017-17081,Candidate,"The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.","CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/27f8d386829689c346ff0cef00d3af57b9fb8903 | DEBIAN:DSA-4099 | URL:https://www.debian.org/security/2018/dsa-4099 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1 | MISC:https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8 | MISC:https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html",Assigned (20171130),"None (candidate not yet proposed)","" CVE-2017-17555,Candidate,"The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of 
service (NULL pointer dereference and application crash) via a crafted audio file.","MISC:https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md | SUSE:openSUSE-SU-2020:0024 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html",Assigned (20171211),"None (candidate not yet proposed)","" CVE-2017-5024,Candidate,"FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.","BID:95792 | URL:http://www.securityfocus.com/bid/95792 | CONFIRM:https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html | CONFIRM:https://crbug.com/643951 | DEBIAN:DSA-3776 | URL:http://www.debian.org/security/2017/dsa-3776 | GENTOO:GLSA-201701-66 | URL:https://security.gentoo.org/glsa/201701-66 | GENTOO:GLSA-201705-05 | URL:https://security.gentoo.org/glsa/201705-05 | REDHAT:RHSA-2017:0206 | URL:http://rhn.redhat.com/errata/RHSA-2017-0206.html | SECTRACK:1037718 | URL:http://www.securitytracker.com/id/1037718",Assigned (20170102),"None (candidate not yet proposed)","" CVE-2017-5025,Candidate,"FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.","BID:95792 | URL:http://www.securityfocus.com/bid/95792 | CONFIRM:https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html | CONFIRM:https://crbug.com/643950 | DEBIAN:DSA-3776 | URL:http://www.debian.org/security/2017/dsa-3776 | GENTOO:GLSA-201701-66 | URL:https://security.gentoo.org/glsa/201701-66 | GENTOO:GLSA-201705-05 | URL:https://security.gentoo.org/glsa/201705-05 | REDHAT:RHSA-2017:0206 | 
URL:http://rhn.redhat.com/errata/RHSA-2017-0206.html | SECTRACK:1037718 | URL:http://www.securitytracker.com/id/1037718",Assigned (20170102),"None (candidate not yet proposed)","" CVE-2017-5037,Candidate,"An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.","BID:96767 | URL:http://www.securityfocus.com/bid/96767 | CONFIRM:https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | CONFIRM:https://crbug.com/679640 | DEBIAN:DSA-3810 | URL:http://www.debian.org/security/2017/dsa-3810 | GENTOO:GLSA-201704-02 | URL:https://security.gentoo.org/glsa/201704-02 | REDHAT:RHSA-2017:0499 | URL:http://rhn.redhat.com/errata/RHSA-2017-0499.html",Assigned (20170102),"None (candidate not yet proposed)","" CVE-2017-5047,Candidate,"An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.","CONFIRM:https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | CONFIRM:https://crbug.com/679653",Assigned (20170102),"None (candidate not yet proposed)","" CVE-2017-5048,Candidate,"An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.","CONFIRM:https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | CONFIRM:https://crbug.com/679647",Assigned (20170102),"None (candidate not yet proposed)","" CVE-2017-5049,Candidate,"An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a 
remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.","CONFIRM:https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | CONFIRM:https://crbug.com/679646",Assigned (20170102),"None (candidate not yet proposed)","" CVE-2017-5050,Candidate,"An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.","CONFIRM:https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | CONFIRM:https://crbug.com/679645",Assigned (20170102),"None (candidate not yet proposed)","" CVE-2017-5051,Candidate,"An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.","CONFIRM:https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | CONFIRM:https://crbug.com/679641",Assigned (20170102),"None (candidate not yet proposed)","" CVE-2017-7859,Candidate,"FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.","BID:97663 | URL:http://www.securityfocus.com/bid/97663 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=713",Assigned (20170414),"None (candidate not yet proposed)","" CVE-2017-7862,Candidate,"FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.","BID:97676 | URL:http://www.securityfocus.com/bid/97676 | DEBIAN:DSA-4012 | URL:http://www.debian.org/security/2017/dsa-4012 | GENTOO:GLSA-201811-19 | URL:https://security.gentoo.org/glsa/201811-19 | 
MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=559 | MISC:https://github.com/FFmpeg/FFmpeg/commit/8c2ea3030af7b40a3c4275696fb5c76cdb80950a",Assigned (20170414),"None (candidate not yet proposed)","" CVE-2017-7863,Candidate,"FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.","BID:97675 | URL:http://www.securityfocus.com/bid/97675 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=546 | MISC:https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e | MLIST:[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html",Assigned (20170414),"None (candidate not yet proposed)","" CVE-2017-7865,Candidate,"FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.","BID:97685 | URL:http://www.securityfocus.com/bid/97685 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=452 | MISC:https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb | MLIST:[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html",Assigned (20170414),"None (candidate not yet proposed)","" CVE-2017-7866,Candidate,"FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.","BID:97664 | URL:http://www.securityfocus.com/bid/97664 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=444 | MISC:https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264",Assigned (20170414),"None (candidate not yet proposed)","" CVE-2017-9608,Candidate,"The 
dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.","BID:100348 | URL:http://www.securityfocus.com/bid/100348 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd | DEBIAN:DSA-3957 | URL:https://www.debian.org/security/2017/dsa-3957 | MLIST:[oss-security] 20170814 [CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file. | URL:http://www.openwall.com/lists/oss-security/2017/08/14/1 | MLIST:[oss-security] 20170815 Re: [CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file. | URL:http://www.openwall.com/lists/oss-security/2017/08/15/8",Assigned (20170613),"None (candidate not yet proposed)","" CVE-2017-9990,Candidate,"Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.","BID:99313 | URL:http://www.securityfocus.com/bid/99313 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1466 | MISC:https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879",Assigned (20170628),"None (candidate not yet proposed)","" CVE-2017-9991,Candidate,"Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.","BID:99316 | URL:http://www.securityfocus.com/bid/99316 | 
MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1399 | MISC:https://github.com/FFmpeg/FFmpeg/commit/441026fcb13ac23aa10edc312bdacb6445a0ad06",Assigned (20170628),"None (candidate not yet proposed)","" CVE-2017-9992,Candidate,"Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.","BID:99319 | URL:http://www.securityfocus.com/bid/99319 | DEBIAN:DSA-4012 | URL:http://www.debian.org/security/2017/dsa-4012 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1345 | MISC:https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360",Assigned (20170628),"None (candidate not yet proposed)","" CVE-2017-9993,Candidate,"FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.","BID:99315 | URL:http://www.securityfocus.com/bid/99315 | DEBIAN:DSA-3957 | URL:http://www.debian.org/security/2017/dsa-3957 | MISC:https://github.com/FFmpeg/FFmpeg/commit/189ff4219644532bdfa7bab28dfedaee4d6d4021 | MISC:https://github.com/FFmpeg/FFmpeg/commit/a5d849b149ca67ced2d271dc84db0bc95a548abb | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20170628),"None (candidate not yet proposed)","" CVE-2017-9994,Candidate,"libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or 
possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.","BID:99317 | URL:http://www.securityfocus.com/bid/99317 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1434 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1435 | MISC:https://github.com/FFmpeg/FFmpeg/commit/6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20170628),"None (candidate not yet proposed)","" CVE-2017-9995,Candidate,"libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.","BID:99320 | URL:http://www.securityfocus.com/bid/99320 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1478 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1519 | MISC:https://github.com/FFmpeg/FFmpeg/commit/2171dfae8c065878a2e130390eb78cf2947a5b69 | MISC:https://github.com/FFmpeg/FFmpeg/commit/7ac5067146613997bb38442cb022d7f41321a706",Assigned (20170628),"None (candidate not yet proposed)","" CVE-2017-9996,Candidate,"The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.","BID:99323 | URL:http://www.securityfocus.com/bid/99323 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1378 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1427 | 
MISC:https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660 | MISC:https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d",Assigned (20170628),"None (candidate not yet proposed)","" CVE-2018-10001,Candidate,"The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.","BID:103732 | URL:http://www.securityfocus.com/bid/103732 | DEBIAN:DSA-4249 | URL:https://www.debian.org/security/2018/dsa-4249 | GENTOO:GLSA-202003-65 | URL:https://security.gentoo.org/glsa/202003-65 | MISC:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081",Assigned (20180410),"None (candidate not yet proposed)","" CVE-2018-12458,Candidate,"An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.","CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/6bbef938839adc55e8e048bc9cc2e0fafe2064df | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8 | DEBIAN:DSA-4249 | URL:https://www.debian.org/security/2018/dsa-4249",Assigned (20180615),"None (candidate not yet proposed)","" CVE-2018-12459,Candidate,"An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.","CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c",Assigned (20180615),"None (candidate not yet proposed)","" CVE-2018-12460,Candidate,"libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to 
idctdsp.c and mpegvideo.c.","CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d",Assigned (20180615),"None (candidate not yet proposed)","" CVE-2018-13300,Candidate,"In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.","BID:104675 | URL:http://www.securityfocus.com/bid/104675 | DEBIAN:DSA-4249 | URL:https://www.debian.org/security/2018/dsa-4249 | MISC:https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148 | MISC:https://github.com/FFmpeg/FFmpeg/commit/e6d3fd942f772f54ab6a5ca619cdaadef26b7702",Assigned (20180705),"None (candidate not yet proposed)","" CVE-2018-13301,Candidate,"In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.","BID:104675 | URL:http://www.securityfocus.com/bid/104675 | MISC:https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b",Assigned (20180705),"None (candidate not yet proposed)","" CVE-2018-13302,Candidate,"In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.","BID:104675 | URL:http://www.securityfocus.com/bid/104675 | DEBIAN:DSA-4249 | URL:https://www.debian.org/security/2018/dsa-4249 | MISC:https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50",Assigned (20180705),"None (candidate 
not yet proposed)","" CVE-2018-13303,Candidate,"In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.","BID:104675 | URL:http://www.securityfocus.com/bid/104675 | MISC:https://github.com/FFmpeg/FFmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78",Assigned (20180705),"None (candidate not yet proposed)","" CVE-2018-13304,Candidate,"In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.","MISC:https://github.com/FFmpeg/FFmpeg/commit/bd27a9364ca274ca97f1df6d984e88a0700fb235",Assigned (20180705),"None (candidate not yet proposed)","" CVE-2018-13305,Candidate,"In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.","MISC:https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4 | SUSE:openSUSE-SU-2020:0024 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html",Assigned (20180705),"None (candidate not yet proposed)","" CVE-2018-14394,Candidate,"libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.","MISC:https://github.com/FFmpeg/FFmpeg/commit/3a2d21bc5f97aa0161db3ae731fc2732be6108b8 | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | 
URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20180718),"None (candidate not yet proposed)","" CVE-2018-14395,Candidate,"libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.","DEBIAN:DSA-4258 | URL:https://www.debian.org/security/2018/dsa-4258 | MISC:https://github.com/FFmpeg/FFmpeg/commit/2c0e98a0b478284bdff6d7a4062522605a8beae5 | MISC:https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582 | SECTRACK:1041394 | URL:http://www.securitytracker.com/id/1041394",Assigned (20180718),"None (candidate not yet proposed)","" CVE-2018-15822,Candidate,"The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.","BUGTRAQ:20190523 [SECURITY] [DSA 4449-1] ffmpeg security update | URL:https://seclists.org/bugtraq/2019/May/60 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/d8ecb335fe4852bbc172c7b79e66944d158b4d92 | DEBIAN:DSA-4449 | URL:https://www.debian.org/security/2019/dsa-4449 | MISC:https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10 | MLIST:[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html | UBUNTU:USN-3967-1 | URL:https://usn.ubuntu.com/3967-1/ | UBUNTU:USN-4431-1 | URL:https://usn.ubuntu.com/4431-1/",Assigned (20180823),"None (candidate not yet proposed)","" CVE-2018-1999010,Candidate,"FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. 
This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later.","BID:104896 | URL:http://www.securityfocus.com/bid/104896 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e8 | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-1999011,Candidate,"FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.","BID:104896 | URL:http://www.securityfocus.com/bid/104896 | BUGTRAQ:20190523 [SECURITY] [DSA 4449-1] ffmpeg security update | URL:https://seclists.org/bugtraq/2019/May/60 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a582869 | DEBIAN:DSA-4449 | URL:https://www.debian.org/security/2019/dsa-4449",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-1999012,Candidate,"FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. 
This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later.","BID:104896 | URL:http://www.securityfocus.com/bid/104896 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e1 | MLIST:[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-1999013,Candidate,"FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.","BID:104896 | URL:http://www.securityfocus.com/bid/104896 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f0",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-1999014,Candidate,"FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.","BID:104896 | URL:http://www.securityfocus.com/bid/104896 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-1999015,Candidate,"FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. 
This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.","BID:104896 | URL:http://www.securityfocus.com/bid/104896 | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-6392,Candidate,"The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.","BID:102848 | URL:http://www.securityfocus.com/bid/102848 | CONFIRM:https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5 | CONFIRM:https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235 | DEBIAN:DSA-4249 | URL:https://www.debian.org/security/2018/dsa-4249 | MLIST:[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html",Assigned (20180129),"None (candidate not yet proposed)","" CVE-2018-6621,Candidate,"The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.","BID:102950 | URL:http://www.securityfocus.com/bid/102950 | CONFIRM:https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b | CONFIRM:https://github.com/FFmpeg/FFmpeg/commit/22aa37c0fedf14531783189a197542a055959b6c | DEBIAN:DSA-4249 | URL:https://www.debian.org/security/2018/dsa-4249 | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20180204),"None (candidate not yet proposed)","" CVE-2018-6912,Candidate,"The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI 
file.","CONFIRM:https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed | GENTOO:GLSA-202003-65 | URL:https://security.gentoo.org/glsa/202003-65",Assigned (20180211),"None (candidate not yet proposed)","" CVE-2018-7557,Candidate,"The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.","CONFIRM:https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96 | DEBIAN:DSA-4249 | URL:https://www.debian.org/security/2018/dsa-4249 | GENTOO:GLSA-202003-65 | URL:https://security.gentoo.org/glsa/202003-65 | MISC:https://github.com/FFmpeg/FFmpeg/commit/e724bd1dd9efea3abb8586d6644ec07694afceae | MLIST:[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html",Assigned (20180228),"None (candidate not yet proposed)","" CVE-2018-7751,Candidate,"The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.","BID:103956 | URL:http://www.securityfocus.com/bid/103956 | CONFIRM:https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f | GENTOO:GLSA-202003-65 | URL:https://security.gentoo.org/glsa/202003-65",Assigned (20180307),"None (candidate not yet proposed)","" CVE-2018-9841,Candidate,"The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.","GENTOO:GLSA-202003-65 | URL:https://security.gentoo.org/glsa/202003-65 | MISC:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758",Assigned (20180407),"None (candidate not yet proposed)","" 
CVE-2019-1000016,Candidate,"FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.","MISC:https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f",Assigned (20190204),"None (candidate not yet proposed)","" CVE-2019-11338,Candidate,"libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.","BID:108034 | URL:http://www.securityfocus.com/bid/108034 | BUGTRAQ:20190523 [SECURITY] [DSA 4449-1] ffmpeg security update | URL:https://seclists.org/bugtraq/2019/May/60 | DEBIAN:DSA-4449 | URL:https://www.debian.org/security/2019/dsa-4449 | MISC:https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e | MISC:https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b | MLIST:[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html | SUSE:openSUSE-SU-2020:0024 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html | UBUNTU:USN-3967-1 | URL:https://usn.ubuntu.com/3967-1/ | UBUNTU:USN-4431-1 | URL:https://usn.ubuntu.com/4431-1/",Assigned (20190418),"None (candidate not yet proposed)","" CVE-2019-11339,Candidate,"The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video 
data.","BID:108037 | URL:http://www.securityfocus.com/bid/108037 | MISC:https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb | MISC:https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a | SUSE:openSUSE-SU-2020:0024 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html | UBUNTU:USN-3967-1 | URL:https://usn.ubuntu.com/3967-1/",Assigned (20190418),"None (candidate not yet proposed)","" CVE-2019-12730,Candidate,"aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.","BID:109317 | URL:http://www.securityfocus.com/bid/109317 | BUGTRAQ:20190816 [SECURITY] [DSA 4502-1] ffmpeg security update | URL:https://seclists.org/bugtraq/2019/Aug/30 | CONFIRM:https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2 | CONFIRM:https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4 | DEBIAN:DSA-4502 | URL:https://www.debian.org/security/2019/dsa-4502 | GENTOO:GLSA-202003-65 | URL:https://security.gentoo.org/glsa/202003-65 | MISC:https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b | MISC:https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40 | UBUNTU:USN-4431-1 | URL:https://usn.ubuntu.com/4431-1/",Assigned (20190604),"None (candidate not yet proposed)","" CVE-2019-13312,Candidate,"block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.","GENTOO:GLSA-202003-65 | URL:https://security.gentoo.org/glsa/202003-65 | GENTOO:GLSA-202007-58 | URL:https://security.gentoo.org/glsa/202007-58 | MISC:https://trac.ffmpeg.org/ticket/7980 | UBUNTU:USN-4431-1 | URL:https://usn.ubuntu.com/4431-1/",Assigned (20190704),"None (candidate not yet proposed)","" CVE-2019-13390,Candidate,"In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.","BID:109090 | 
URL:http://www.securityfocus.com/bid/109090 | DEBIAN:DSA-4722 | URL:https://www.debian.org/security/2020/dsa-4722 | GENTOO:GLSA-202003-65 | URL:https://security.gentoo.org/glsa/202003-65 | MISC:https://trac.ffmpeg.org/ticket/7979 | MLIST:[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html | UBUNTU:USN-4431-1 | URL:https://usn.ubuntu.com/4431-1/",Assigned (20190707),"None (candidate not yet proposed)","" CVE-2019-15942,Candidate,"FFmpeg through 4.2 has a ""Conditional jump or move depends on uninitialised value"" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.","GENTOO:GLSA-202007-58 | URL:https://security.gentoo.org/glsa/202007-58 | MISC:https://trac.ffmpeg.org/ticket/8093 | SUSE:openSUSE-SU-2020:0024 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html",Assigned (20190905),"None (candidate not yet proposed)","" CVE-2019-17539,Candidate,"In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.","DEBIAN:DSA-4722 | URL:https://www.debian.org/security/2020/dsa-4722 | GENTOO:GLSA-202003-65 | URL:https://security.gentoo.org/glsa/202003-65 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733 | MISC:https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2537-1] ffmpeg security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html | UBUNTU:USN-4431-1 | URL:https://usn.ubuntu.com/4431-1/",Assigned (20191014),"None (candidate not yet proposed)","" CVE-2019-17542,Candidate,"FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.","DEBIAN:DSA-4722 | 
URL:https://www.debian.org/security/2020/dsa-4722 | GENTOO:GLSA-202003-65 | URL:https://security.gentoo.org/glsa/202003-65 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919 | MISC:https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2 | MLIST:[debian-lts-announce] 20191205 [SECURITY] [DLA 2021-1] libav security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00003.html | MLIST:[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html | UBUNTU:USN-4431-1 | URL:https://usn.ubuntu.com/4431-1/",Assigned (20191014),"None (candidate not yet proposed)","" CVE-2019-18214,Candidate,"The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)","MISC:https://github.com/PaulLereverend/NextcloudVideo_Converter/issues/22",Assigned (20191019),"None (candidate not yet proposed)","" CVE-2019-9718,Candidate,"In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.","BID:107382 | URL:http://www.securityfocus.com/bid/107382 | BUGTRAQ:20190523 [SECURITY] [DSA 4449-1] ffmpeg security update | URL:https://seclists.org/bugtraq/2019/May/60 | DEBIAN:DSA-4449 | URL:https://www.debian.org/security/2019/dsa-4449 | MISC:https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982 | MISC:https://github.com/FFmpeg/FFmpeg/commit/23ccf3cabb4baf6e8af4b1af3fcc59c904736f21 | UBUNTU:USN-3967-1 | URL:https://usn.ubuntu.com/3967-1/",Assigned (20190312),"None (candidate not yet proposed)","" CVE-2019-9721,Candidate,"A denial of service in the subtitle decoder in 
FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.","BID:107384 | URL:http://www.securityfocus.com/bid/107384 | MISC:https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65 | MISC:https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774 | UBUNTU:USN-3967-1 | URL:https://usn.ubuntu.com/3967-1/",Assigned (20190312),"None (candidate not yet proposed)","" CVE-2020-12284,Candidate,"cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.","DEBIAN:DSA-4722 | URL:https://www.debian.org/security/2020/dsa-4722 | GENTOO:GLSA-202007-58 | URL:https://security.gentoo.org/glsa/202007-58 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734 | MISC:https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726 | MISC:https://github.com/FFmpeg/FFmpeg/commit/a3a3730b5456ca00587455004d40c047f7b20a99 | UBUNTU:USN-4431-1 | URL:https://usn.ubuntu.com/4431-1/",Assigned (20200428),"None (candidate not yet proposed)","" CVE-2020-12473,Candidate,"MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program.","MISC:https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Privilege%20Escalation%20via%20ConvertVideo",Assigned (20200429),"None (candidate not yet proposed)","" CVE-2020-13904,Candidate,"FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.","DEBIAN:DSA-4722 | URL:https://www.debian.org/security/2020/dsa-4722 | GENTOO:GLSA-202007-58 | 
URL:https://security.gentoo.org/glsa/202007-58 | MISC:https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2 | MISC:https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/ | MISC:https://trac.ffmpeg.org/ticket/8673 | MLIST:[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html | UBUNTU:USN-4431-1 | URL:https://usn.ubuntu.com/4431-1/",Assigned (20200607),"None (candidate not yet proposed)","" CVE-2020-14212,Candidate,"FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.","GENTOO:GLSA-202007-58 | URL:https://security.gentoo.org/glsa/202007-58 | MISC:https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463 | MISC:https://trac.ffmpeg.org/ticket/8716",Assigned (20200616),"None (candidate not yet proposed)","" CVE-2020-24995,Candidate,"Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).","MISC:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f | MISC:https://trac.ffmpeg.org/ticket/8845 | MISC:https://trac.ffmpeg.org/ticket/8859 | MISC:https://trac.ffmpeg.org/ticket/8860",Assigned (20200828),"None (candidate not yet proposed)","" CVE-2020-35964,Candidate,"track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.","MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622 | MISC:https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7",Assigned (20210103),"None (candidate not yet proposed)","" CVE-2020-35965,Candidate,"decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to 
perform memset zero operations.","MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532 | MISC:https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b | MISC:https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3 | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2537-1] ffmpeg security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html",Assigned (20210104),"None (candidate not yet proposed)","" CVE-2017-12474,Candidate,"The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.","MISC:https://drive.google.com/open?id=0B6wBkDmxMGMKUjNscThnbTlSZ2s | MISC:https://drive.google.com/open?id=0B9DojFnTUSNGZ1JfNUc1am9pcnc | MISC:https://github.com/axiomatic-systems/Bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e",Assigned (20170804),"None (candidate not yet proposed)","" CVE-2017-12475,Candidate,"The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.","MISC:https://drive.google.com/open?id=0B6wBkDmxMGMKUjNscThnbTlSZ2s | MISC:https://drive.google.com/open?id=0B9DojFnTUSNGZ1JfNUc1am9pcnc | MISC:https://github.com/axiomatic-systems/Bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e",Assigned (20170804),"None (candidate not yet proposed)","" CVE-2017-12476,Candidate,"The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.","MISC:https://drive.google.com/open?id=0B6wBkDmxMGMKUjNscThnbTlSZ2s | MISC:https://drive.google.com/open?id=0B9DojFnTUSNGZ1JfNUc1am9pcnc | 
MISC:https://github.com/axiomatic-systems/Bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e",Assigned (20170804),"None (candidate not yet proposed)","" CVE-2017-14257,Candidate,"In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file.","CONFIRM:https://github.com/axiomatic-systems/Bento4/issues/181",Assigned (20170910),"None (candidate not yet proposed)","" CVE-2017-14258,Candidate,"In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file.","CONFIRM:https://github.com/axiomatic-systems/Bento4/issues/181",Assigned (20170910),"None (candidate not yet proposed)","" CVE-2017-14259,Candidate,"In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file.","CONFIRM:https://github.com/axiomatic-systems/Bento4/issues/181",Assigned (20170910),"None (candidate not yet proposed)","" CVE-2017-14260,Candidate,"In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file.","CONFIRM:https://github.com/axiomatic-systems/Bento4/issues/181",Assigned (20170910),"None (candidate not yet proposed)","" CVE-2017-14261,Candidate,"In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. 
It is possible to exploit this vulnerability by opening a crafted .MP4 file.","CONFIRM:https://github.com/axiomatic-systems/Bento4/issues/181",Assigned (20170910),"None (candidate not yet proposed)","" CVE-2017-14638,Candidate,"AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h.","MISC:https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_atomsettype-ap4atom-h/ | MISC:https://github.com/axiomatic-systems/Bento4/commit/be7185faf7f52674028977dcf501c6039ff03aa5 | MISC:https://github.com/axiomatic-systems/Bento4/issues/182",Assigned (20170921),"None (candidate not yet proposed)","" CVE-2017-14639,Candidate,"AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.","MISC:https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-underflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp/ | MISC:https://github.com/axiomatic-systems/Bento4/commit/03d1222ab9c2ce779cdf01bdb96cdd69cbdcfeda | MISC:https://github.com/axiomatic-systems/Bento4/issues/190",Assigned (20170921),"None (candidate not yet proposed)","" CVE-2017-14640,Candidate,"A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. 
The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.","MISC:https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_atomsampletablegetsample-ap4atomsampletable-cpp/ | MISC:https://github.com/axiomatic-systems/Bento4/commit/2f267f89f957088197f4b1fc254632d1645b415d | MISC:https://github.com/axiomatic-systems/Bento4/issues/183",Assigned (20170921),"None (candidate not yet proposed)","" CVE-2017-14641,Candidate,"A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.","MISC:https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_dataatomap4_dataatom-ap4metadata-cpp/ | MISC:https://github.com/axiomatic-systems/Bento4/commit/41cad602709436628f07b4c4f64e9ff7a611f687 | MISC:https://github.com/axiomatic-systems/Bento4/issues/184",Assigned (20170921),"None (candidate not yet proposed)","" CVE-2017-14642,Candidate,"A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. 
The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPartial in System/StdC/Ap4StdCFileByteStream.cpp, which leads to remote denial of service.","MISC:https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_stdcfilebytestreamreadpartial-ap4stdcfilebytestream-cpp/ | MISC:https://github.com/axiomatic-systems/Bento4/commit/22192de5367fa0cee985917f092be4060b7c00b0 | MISC:https://github.com/axiomatic-systems/Bento4/issues/185",Assigned (20170921),"None (candidate not yet proposed)","" CVE-2017-14643,Candidate,"The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h.","MISC:https://blogs.gentoo.org/ago/2017/09/14/bento4-heap-based-buffer-overflow-in-ap4_bytestouint32be-ap4utils-h/ | MISC:https://github.com/axiomatic-systems/Bento4/commit/5eb8cf89d724ccb0b4ce5f24171ec7c11f0a7647 | MISC:https://github.com/axiomatic-systems/Bento4/issues/187",Assigned (20170921),"None (candidate not yet proposed)","" CVE-2017-14644,Candidate,"A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.","MISC:https://blogs.gentoo.org/ago/2017/09/14/bento4-heap-based-buffer-overflow-in-ap4_hdlratomap4_hdlratom-ap4hdlratom-cpp/",Assigned (20170921),"None (candidate not yet proposed)","" CVE-2017-14645,Candidate,"A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. 
The vulnerability causes an application crash, which leads to remote denial of service.","MISC:https://blogs.gentoo.org/ago/2017/09/14/bento4-heap-based-buffer-overflow-in-ap4_bitstreamreadbytes-ap4bitstream-cpp/",Assigned (20170921),"None (candidate not yet proposed)","" CVE-2017-14646,Candidate,"The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.","MISC:https://blogs.gentoo.org/ago/2017/09/14/bento4-heap-based-buffer-overflow-in-ap4_databuffersetdata-ap4databuffer-cpp/ | MISC:https://github.com/axiomatic-systems/Bento4/commit/53499d8d4c69142137c7c7f0097a444783fdeb90 | MISC:https://github.com/axiomatic-systems/Bento4/issues/188",Assigned (20170921),"None (candidate not yet proposed)","" CVE-2017-14647,Candidate,"A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.","MISC:https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-overflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp/",Assigned (20170921),"None (candidate not yet proposed)","" CVE-2018-13846,Candidate,"An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read after a call from Mp42Ts.cpp, a related issue to CVE-2018-14532.","MISC:https://github.com/axiomatic-systems/Bento4/issues/282",Assigned (20180710),"None (candidate not yet proposed)","" CVE-2018-13847,Candidate,"An issue has been found in Bento4 1.5.1-624. 
It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp.","MISC:https://github.com/axiomatic-systems/Bento4/issues/283",Assigned (20180710),"None (candidate not yet proposed)","" CVE-2018-13848,Candidate,"An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp.","MISC:https://github.com/axiomatic-systems/Bento4/issues/285",Assigned (20180710),"None (candidate not yet proposed)","" CVE-2018-14445,Candidate,"In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file.","MISC:http://hac425.unaux.com/index.php/archives/62/ | MISC:https://github.com/axiomatic-systems/Bento4/issues/289",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14531,Candidate,"An issue was discovered in Bento4 1.5.1-624. There is an unspecified ""heap-buffer-overflow"" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp.","MISC:https://github.com/axiomatic-systems/Bento4/issues/293",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-14532,Candidate,"An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846.","MISC:https://github.com/axiomatic-systems/Bento4/issues/294",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-14543,Candidate,"There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. 
This vulnerability can be triggered by the executable mp4dump.","MISC:https://github.com/axiomatic-systems/Bento4/issues/292",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-14544,Candidate,"There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.","MISC:https://github.com/axiomatic-systems/Bento4/issues/291",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-14545,Candidate,"There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.","MISC:https://github.com/axiomatic-systems/Bento4/issues/291",Assigned (20180723),"None (candidate not yet proposed)","" CVE-2018-14584,Candidate,"An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.","MISC:https://github.com/axiomatic-systems/Bento4/issues/298 | MISC:https://github.com/axiomatic-systems/Bento4/issues/304",Assigned (20180724),"None (candidate not yet proposed)","" CVE-2018-14585,Candidate,"An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class.","MISC:https://github.com/axiomatic-systems/Bento4/issues/299",Assigned (20180724),"None (candidate not yet proposed)","" CVE-2018-14586,Candidate,"An issue has been discovered in Bento4 1.5.1-624. 
A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532.","MISC:https://github.com/axiomatic-systems/Bento4/issues/300",Assigned (20180724),"None (candidate not yet proposed)","" CVE-2018-14587,Candidate,"An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read.","MISC:https://github.com/axiomatic-systems/Bento4/issues/301",Assigned (20180724),"None (candidate not yet proposed)","" CVE-2018-14588,Candidate,"An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.","MISC:https://github.com/axiomatic-systems/Bento4/issues/302",Assigned (20180724),"None (candidate not yet proposed)","" CVE-2018-14589,Candidate,"An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read.","MISC:https://github.com/axiomatic-systems/Bento4/issues/303",Assigned (20180724),"None (candidate not yet proposed)","" CVE-2018-14590,Candidate,"An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.","MISC:https://github.com/axiomatic-systems/Bento4/issues/305",Assigned (20180724),"None (candidate not yet proposed)","" CVE-2018-20095,Candidate,"An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls.","MISC:https://github.com/axiomatic-systems/Bento4/issues/341",Assigned (20181212),"None (candidate not yet proposed)","" CVE-2018-20186,Candidate,"An issue was discovered in Bento4 1.5.1-627. 
AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.","MISC:https://github.com/axiomatic-systems/Bento4/issues/342",Assigned (20181217),"None (candidate not yet proposed)","" CVE-2018-20407,Candidate,"An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42hls.","MISC:https://github.com/axiomatic-systems/Bento4/issues/343",Assigned (20181223),"None (candidate not yet proposed)","" CVE-2018-20408,Candidate,"An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls.","MISC:https://github.com/axiomatic-systems/Bento4/issues/343",Assigned (20181223),"None (candidate not yet proposed)","" CVE-2018-20409,Candidate,"An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls.","MISC:https://github.com/axiomatic-systems/Bento4/issues/345",Assigned (20181223),"None (candidate not yet proposed)","" CVE-2018-20502,Candidate,"An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp.","MISC:https://github.com/axiomatic-systems/Bento4/issues/349",Assigned (20181226),"None (candidate not yet proposed)","" CVE-2018-20659,Candidate,"An issue was discovered in Bento4 1.5.1-627. 
The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls.","MISC:https://github.com/axiomatic-systems/Bento4/issues/350",Assigned (20190102),"None (candidate not yet proposed)","" CVE-2018-5253,Candidate,"The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.","MISC:https://github.com/axiomatic-systems/Bento4/issues/233",Assigned (20180105),"None (candidate not yet proposed)","" CVE-2019-13238,Candidate,"An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointer.","MISC:https://github.com/axiomatic-systems/Bento4/issues/396",Assigned (20190704),"None (candidate not yet proposed)","" CVE-2019-13959,Candidate,"In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186.","MISC:https://github.com/axiomatic-systems/Bento4/issues/394",Assigned (20190718),"None (candidate not yet proposed)","" CVE-2019-15047,Candidate,"An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp.","MISC:https://github.com/axiomatic-systems/bento4/issues/408",Assigned (20190814),"None (candidate not yet proposed)","" CVE-2019-15048,Candidate,"An issue was discovered in Bento4 1.5.1.0. 
There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp.","MISC:https://github.com/axiomatic-systems/bento4/issues/409",Assigned (20190814),"None (candidate not yet proposed)","" CVE-2019-15049,Candidate,"An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp.","MISC:https://github.com/axiomatic-systems/bento4/issues/408",Assigned (20190814),"None (candidate not yet proposed)","" CVE-2019-15050,Candidate,"An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp.","MISC:https://github.com/axiomatic-systems/bento4/issues/409",Assigned (20190814),"None (candidate not yet proposed)","" CVE-2019-16349,Candidate,"Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class.","MISC:https://github.com/axiomatic-systems/Bento4/issues/422",Assigned (20190916),"None (candidate not yet proposed)","" CVE-2019-17452,Candidate,"Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.","MISC:https://github.com/axiomatic-systems/Bento4/issues/434",Assigned (20191010),"None (candidate not yet proposed)","" CVE-2019-17453,Candidate,"Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.","MISC:https://github.com/axiomatic-systems/Bento4/issues/436 | MISC:https://github.com/axiomatic-systems/Bento4/issues/437",Assigned (20191010),"None (candidate not yet proposed)","" CVE-2019-17454,Candidate,"Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to 
AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info.","MISC:https://github.com/axiomatic-systems/Bento4/issues/435",Assigned (20191010),"None (candidate not yet proposed)","" CVE-2019-17528,Candidate,"An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.","MISC:https://github.com/TeamSeri0us/pocs/tree/master/bento4 | MISC:https://github.com/axiomatic-systems/Bento4/issues/432",Assigned (20191012),"None (candidate not yet proposed)","" CVE-2019-17529,Candidate,"An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.","MISC:https://github.com/TeamSeri0us/pocs/tree/master/bento4 | MISC:https://github.com/axiomatic-systems/Bento4/issues/430",Assigned (20191012),"None (candidate not yet proposed)","" CVE-2019-17530,Candidate,"An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.","MISC:https://github.com/TeamSeri0us/pocs/tree/master/bento4 | MISC:https://github.com/axiomatic-systems/Bento4/issues/431",Assigned (20191012),"None (candidate not yet proposed)","" CVE-2019-20090,Candidate,"An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.","MISC:https://github.com/axiomatic-systems/Bento4/issues/461",Assigned (20191230),"None (candidate not yet proposed)","" CVE-2019-20091,Candidate,"An issue was discovered in Bento4 1.5.1.0. 
There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp.","MISC:https://github.com/axiomatic-systems/Bento4/issues/462",Assigned (20191230),"None (candidate not yet proposed)","" CVE-2019-20092,Candidate,"An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.","MISC:https://github.com/axiomatic-systems/Bento4/issues/462",Assigned (20191230),"None (candidate not yet proposed)","" CVE-2019-6132,Candidate,"An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac.","MISC:https://github.com/axiomatic-systems/Bento4/issues/357",Assigned (20190110),"None (candidate not yet proposed)","" CVE-2019-6966,Candidate,"An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.","MISC:https://github.com/axiomatic-systems/Bento4/issues/361",Assigned (20190125),"None (candidate not yet proposed)","" CVE-2019-7697,Candidate,"An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls.","MISC:https://github.com/axiomatic-systems/Bento4/issues/351",Assigned (20190210),"None (candidate not yet proposed)","" CVE-2019-7698,Candidate,"An issue was discovered in AP4_Array::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. 
Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095.","MISC:https://github.com/axiomatic-systems/Bento4/issues/354",Assigned (20190210),"None (candidate not yet proposed)","" CVE-2019-7699,Candidate,"A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service.","MISC:https://github.com/axiomatic-systems/Bento4/issues/355",Assigned (20190210),"None (candidate not yet proposed)","" CVE-2019-8378,Candidate,"An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.","MISC:https://github.com/axiomatic-systems/Bento4/issues/363 | MISC:https://research.loginsoft.com/bugs/a-heap-buffer-overflow-vulnerability-in-the-function-ap4_bitstreamreadbytes-bento4-1-5-1-628/",Assigned (20190216),"None (candidate not yet proposed)","" CVE-2019-8380,Candidate,"An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can be triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.","MISC:https://github.com/axiomatic-systems/Bento4/issues/366 | MISC:https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_trackgetsampleindexfortimestampms-bento4-1-5-1-628/",Assigned (20190216),"None (candidate not yet proposed)","" CVE-2019-8382,Candidate,"An issue was discovered in Bento4 1.5.1-628. 
A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.","MISC:https://github.com/axiomatic-systems/Bento4/issues/364 | MISC:https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_listfind-bento4-1-5-1-628/",Assigned (20190216),"None (candidate not yet proposed)","" CVE-2019-9544,Candidate,"An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry() located in Core/Ap4Array.h. It can be triggered by sending a crafted file to (for example) the mp42hls binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","MISC:https://github.com/axiomatic-systems/Bento4/issues/374 | MISC:https://research.loginsoft.com/bugs/out-of-bounds-write-in-function-ap4_cttstableentryap4_cttstableentry-bento4-1-5-1-0/",Assigned (20190301),"None (candidate not yet proposed)","" CVE-2019-10331,Candidate,"A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.","BID:108747 | URL:http://www.securityfocus.com/bid/108747 | CONFIRM:https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20(1) | MLIST:[oss-security] 20190611 Multiple vulnerabilities in Jenkins plugins | URL:http://www.openwall.com/lists/oss-security/2019/06/11/1",Assigned (20190329),"None (candidate not yet proposed)","" CVE-2019-10332,Candidate,"A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified 
credentials.","BID:108747 | URL:http://www.securityfocus.com/bid/108747 | CONFIRM:https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20(1) | MLIST:[oss-security] 20190611 Multiple vulnerabilities in Jenkins plugins | URL:http://www.openwall.com/lists/oss-security/2019/06/11/1",Assigned (20190329),"None (candidate not yet proposed)","" CVE-2019-10333,Candidate,"Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.","BID:108747 | URL:http://www.securityfocus.com/bid/108747 | CONFIRM:https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20(2) | MLIST:[oss-security] 20190611 Multiple vulnerabilities in Jenkins plugins | URL:http://www.openwall.com/lists/oss-security/2019/06/11/1",Assigned (20190329),"None (candidate not yet proposed)","" CVE-2019-10334,Candidate,"Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files.","BID:108747 | URL:http://www.securityfocus.com/bid/108747 | CONFIRM:https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1411 | MLIST:[oss-security] 20190611 Multiple vulnerabilities in Jenkins plugins | URL:http://www.openwall.com/lists/oss-security/2019/06/11/1",Assigned (20190329),"None (candidate not yet proposed)","" CVE-2019-10335,Candidate,"A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages.","BID:108747 | URL:http://www.securityfocus.com/bid/108747 | CONFIRM:https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1412 | MLIST:[oss-security] 20190611 Multiple 
vulnerabilities in Jenkins plugins | URL:http://www.openwall.com/lists/oss-security/2019/06/11/1",Assigned (20190329),"None (candidate not yet proposed)","" CVE-2019-10336,Candidate,"A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin.","BID:108747 | URL:http://www.securityfocus.com/bid/108747 | CONFIRM:https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1420 | MLIST:[oss-security] 20190611 Multiple vulnerabilities in Jenkins plugins | URL:http://www.openwall.com/lists/oss-security/2019/06/11/1",Assigned (20190329),"None (candidate not yet proposed)","" CVE-2019-16165,Candidate,"GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.","MISC:https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html",Assigned (20190909),"None (candidate not yet proposed)","" CVE-2019-16166,Candidate,"GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.","MISC:https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00000.html",Assigned (20190909),"None (candidate not yet proposed)","" CVE-2020-13259,Candidate,"A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. 
This could be exploited in conjunction with CVE-2020-13260.","EXPLOIT-DB:48809 | URL:https://www.exploit-db.com/exploits/48809 | MISC:https://cxsecurity.com/issue/WLB-2020090064",Assigned (20200521),"None (candidate not yet proposed)","" CVE-2020-13260,Candidate,"A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259.","MISC:https://cxsecurity.com/issue/WLB-2020090063 | MISC:https://www.exploit-db.com/exploits/48807 | MISC:https://www.rad.com/products/secflow-1v-IIoT-Gateway#panels-ipe-paneid-143837",Assigned (20200521),"None (candidate not yet proposed)","" CVE-2000-0963,Candidate,"Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.","BID:1142 | URL:http://www.securityfocus.com/bid/1142 | BUGTRAQ:20001009 ncurses buffer overflows | URL:http://www.securityfocus.com/archive/1/138550 | CALDERA:CSSA-2000-036.0 | URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt | XF:gnu-ncurses-term-terminfodirs-bo(44487) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44487",Modified (20080819)," ACCEPT(2) Cole, Mell | MODIFY(1) Frech | REVIEWING(1) Christey","Christey> Various vendor writeups indicate that there are multiple | overflows, so maybe this needs to be SPLIT. 
| | ADDREF FREEBSD:FreeBSD-SA-00:68 | ADDREF DEBIAN:20001121 ncurses: local privilege escalation | http://www.debian.org/security/2000/20001121 | ADDREF REDHAT:RHSA-2000:115 | http://www.redhat.com/support/errata/RHSA-2000-115.html | BUGTRAQ:20001201 Immunix OS Security update for ncurses | http://marc.theaimsgroup.com/?l=bugtraq&m=97570745306444&w=2 | Frech> XF:libmytinfo-bo(4422) | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> This is all a library issue in which TERM/TERMINFO_DIRS are | one possible attack vector, but another is through entries | in the .terminfo file. Add .terminfo and termcap to the | description, as well as libncurses. | | ADDREF MANDRAKE:MDKSA-2001:052 | URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-052.php3 | | Now need to examine whether this is a dupe of CVE-2002-0062, | and/or BID:2116. There's certainly enough confusion to go | around. | CHANGE> [Christey changed vote from REVIEWING to NOOP] | Christey> This is not a dupe of CVE-2002-0062. As explained in | DEBIAN:DSA-113, the original patches for CVE-2000-0963 | didn't catch every problem. 
| | ADDREF SUSE:SuSE-SA:2000:043 | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97267560724404&w=2 | CHANGE> [Christey changed vote from NOOP to REVIEWING]" CVE-2002-0062,Entry,"Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to ""routines for moving the physical cursor and scrolling.""","BID:2116 | URL:http://www.securityfocus.com/bid/2116 | DEBIAN:DSA-113 | URL:http://www.debian.org/security/2002/dsa-113 | REDHAT:RHSA-2002:020 | URL:http://www.redhat.com/support/errata/RHSA-2002-020.html | XF:gnu-ncurses-window-bo(8222) | URL:http://www.iss.net/security_center/static/8222.php",,"","" CVE-2005-1796,Candidate,"Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code.","BID:13820 | URL:http://www.securityfocus.com/bid/13820 | CONFIRM:http://ettercap.sourceforge.net/history.php | DEBIAN:DSA-749 | URL:http://www.debian.org/security/2005/dsa-749 | GENTOO:GLSA-200506-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200506-07.xml | SECTRACK:1014084 | URL:http://securitytracker.com/id?1014084 | SECUNIA:15535 | URL:http://secunia.com/advisories/15535 | SECUNIA:15664 | URL:http://secunia.com/advisories/15664 | SECUNIA:16000 | URL:http://secunia.com/advisories/16000 | VUPEN:ADV-2005-0670 | URL:http://www.vupen.com/english/advisories/2005/0670",Assigned (20050601),"None (candidate not yet proposed)","" CVE-2017-10684,Candidate,"In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1464687",Assigned (20170629),"None (candidate not yet proposed)","" CVE-2017-10685,Candidate,"In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1464692",Assigned (20170629),"None (candidate not yet proposed)","" CVE-2017-11112,Candidate,"In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1464686",Assigned (20170708),"None (candidate not yet proposed)","" CVE-2017-11113,Candidate,"In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1464691",Assigned (20170708),"None (candidate not yet proposed)","" CVE-2017-13728,Candidate,"There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1484274",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13729,Candidate,"There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1484276",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13730,Candidate,"There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1484284",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13731,Candidate,"There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1484285",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13732,Candidate,"There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1484287",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13733,Candidate,"There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | 
MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1484290",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-13734,Candidate,"There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.","GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1484291",Assigned (20170829),"None (candidate not yet proposed)","" CVE-2017-16879,Candidate,"Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.","CONFIRM:http://invisible-island.net/ncurses/NEWS.html#t20171125 | CONFIRM:https://tools.cisco.com/security/center/viewAlert.x?alertId=57695 | GENTOO:GLSA-201804-13 | URL:https://security.gentoo.org/glsa/201804-13 | MISC:http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html",Assigned (20171117),"None (candidate not yet proposed)","" CVE-2018-19211,Candidate,"In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a ""dubious character `*' in name or alias field"" detection.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1643754",Assigned (20181112),"None (candidate not yet proposed)","" CVE-2018-19217,Candidate,"** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1643753",Assigned (20181112),"None (candidate not yet proposed)","" CVE-2019-15546,Candidate,"An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.","MISC:https://rustsec.org/advisories/RUSTSEC-2019-0005.html",Assigned (20190825),"None (candidate not yet proposed)","" CVE-2019-15547,Candidate,"An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.","MISC:https://rustsec.org/advisories/RUSTSEC-2019-0006.html",Assigned (20190825),"None (candidate not yet proposed)","" CVE-2019-15548,Candidate,"An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled.","MISC:https://rustsec.org/advisories/RUSTSEC-2019-0006.html",Assigned (20190825),"None (candidate not yet proposed)","" CVE-2019-17594,Candidate,"There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.","GENTOO:GLSA-202101-28 | URL:https://security.gentoo.org/glsa/202101-28 | MISC:https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html | MISC:https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html | SUSE:openSUSE-SU-2019:2550 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html | SUSE:openSUSE-SU-2019:2551 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",Assigned (20191014),"None (candidate not yet proposed)","" CVE-2019-17595,Candidate,"There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses 
before 6.1-20191012.","GENTOO:GLSA-202101-28 | URL:https://security.gentoo.org/glsa/202101-28 | MISC:https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html | MISC:https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html | SUSE:openSUSE-SU-2019:2550 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html | SUSE:openSUSE-SU-2019:2551 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",Assigned (20191014),"None (candidate not yet proposed)","" CVE-2001-0604,Candidate,"Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters.","BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS | URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html | XF:lotus-domino-url-dos(6351) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6351",Proposed (20010727)," ACCEPT(2) Baker, Frech | NOOP(4) Cole, Foat, Wall, Ziese | REVIEWING(1) Bishop","Frech> CONFIRM:http://www.notes.net/qmrdown.nsf/QMRWelcome; Lotus | does not seem to wax prolific with their DoS explanations. For 5.0.7, | any of these SPR#s have the explanation ""Fixed a potential Denial of | Service attack on HTTP."": JCHN4TQS2T, JCHN4RPKC2, JCHN4TQNL8, | JCHN4JQKYQ, JCHN4TGN32." 
CVE-2003-0959,Candidate,"Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments.","CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3ed382f7UfJ9Q2LKCJq1Tc5B7-EC5A | XF:linux-kernel-unspecified-priv-escalation(43072) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43072",Assigned (20031126),"None (candidate not yet proposed)","" CVE-2007-2379,Candidate,"The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka ""JavaScript Hijacking.""","CONFIRM:https://security.netapp.com/advisory/ntap-20190416-0007/ | MISC:http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf | OSVDB:43320 | URL:http://osvdb.org/43320",Assigned (20070430),"None (candidate not yet proposed)","" CVE-2008-4728,Candidate,"Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. 
NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.","BID:31799 | URL:http://www.securityfocus.com/bid/31799 | EXPLOIT-DB:6773 | URL:https://www.exploit-db.com/exploits/6773 | EXPLOIT-DB:6774 | URL:https://www.exploit-db.com/exploits/6774 | EXPLOIT-DB:6776 | URL:https://www.exploit-db.com/exploits/6776 | MISC:http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html | MISC:http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html | MISC:http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html | SECUNIA:32337 | URL:http://secunia.com/advisories/32337 | VUPEN:ADV-2008-2857 | URL:http://www.vupen.com/english/advisories/2008/2857 | XF:hummingbird-run-command-execution(45961) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45961",Assigned (20081023),"None (candidate not yet proposed)","" CVE-2010-0670,Candidate,"Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors.","CONFIRM:http://www.iptechinside.com/labs/news/show/6 | XF:jquarks-unspecified-path-disclosure(56523) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/56523",Assigned (20100222),"None (candidate not yet proposed)","" CVE-2010-0692,Candidate,"SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. 
NOTE: some of these details are obtained from third party information.","BID:38203 | URL:http://www.securityfocus.com/bid/38203 | CONFIRM:http://www.iptechinside.com/labs/news/show/6 | OSVDB:62332 | URL:http://www.osvdb.org/62332 | SECUNIA:38623 | URL:http://secunia.com/advisories/38623",Assigned (20100223),"None (candidate not yet proposed)","" CVE-2010-0760,Candidate,"Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.","OSVDB:62484 | URL:http://www.osvdb.org/62484 | OSVDB:62485 | URL:http://www.osvdb.org/62485 | SECUNIA:38637 | URL:http://secunia.com/advisories/38637",Assigned (20100226),"None (candidate not yet proposed)","" CVE-2010-3798,Candidate,"Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.","APPLE:APPLE-SA-2010-11-10-1 | URL:http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | CONFIRM:http://support.apple.com/kb/HT4435 | FEDORA:FEDORA-2020-bbd24dd0cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S2KRIILUKBJHXDNYJQQX74TFUQRG5ND/ | FEDORA:FEDORA-2020-edf53cd770 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YV6RF6VWM7AFYFTTS7VY5TNH26QUEEFC/ | SECTRACK:1024723 | URL:http://www.securitytracker.com/id?1024723",Assigned (20101007),"None (candidate not yet proposed)","" CVE-2010-4638,Candidate,"SQL injection vulnerability in the submitSurvey function 
in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.","EXPLOIT-DB:15466 | URL:http://www.exploit-db.com/exploits/15466 | MISC:http://adv.salvatorefresta.net/JQuarks4s_Joomla_Component_1.0.0_Blind_SQL_Injection_Vulnerability-08112010.txt | SECUNIA:42164 | URL:http://secunia.com/advisories/42164",Assigned (20101230),"None (candidate not yet proposed)","" CVE-2010-5312,Candidate,"Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.","BID:71106 | URL:http://www.securityfocus.com/bid/71106 | CONFIRM:http://bugs.jqueryui.com/ticket/6016 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3 | CONFIRM:https://security.netapp.com/advisory/ntap-20190416-0007/ | DEBIAN:DSA-3249 | URL:http://www.debian.org/security/2015/dsa-3249 | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0 | 
URL:http://seclists.org/oss-sec/2014/q4/616 | MLIST:[oss-security] 20141114 old CVE assignments for JQuery 1.10.0 | URL:http://seclists.org/oss-sec/2014/q4/613 | REDHAT:RHSA-2015:0442 | URL:http://rhn.redhat.com/errata/RHSA-2015-0442.html | REDHAT:RHSA-2015:1462 | URL:http://rhn.redhat.com/errata/RHSA-2015-1462.html | SECTRACK:1037035 | URL:http://www.securitytracker.com/id/1037035 | XF:jqueryui-cve20105312-xss(98696) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/98696",Assigned (20141114),"None (candidate not yet proposed)","" CVE-2011-1214,Candidate,"Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.","BID:47962 | URL:http://www.securityfocus.com/bid/47962 | CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21500034 | IDEFENSE:20110524 IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow | URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=905 | OVAL:oval:org.mitre.oval:def:14309 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14309 | SECUNIA:44624 | URL:http://secunia.com/advisories/44624 | XF:lotus-notes-rtfsr-bo(67621) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/67621",Assigned (20110303),"None (candidate not yet proposed)","" CVE-2011-4969,Candidate,"Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.","BID:58458 | URL:http://www.securityfocus.com/bid/58458 | CONFIRM:http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/ | CONFIRM:http://bugs.jquery.com/ticket/9521 | CONFIRM:https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9 | CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 
| CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 | CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730 | CONFIRM:https://security.netapp.com/advisory/ntap-20190416-0007/ | MISC:http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html | MLIST:[oss-security] 20130130 jQuery 1.6.2 XSS CVE assignment | URL:http://www.openwall.com/lists/oss-security/2013/01/31/3 | MLIST:[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 | URL:https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E | OSVDB:80056 | URL:http://www.osvdb.org/80056 | SECTRACK:1036620 | URL:http://www.securitytracker.com/id/1036620 | UBUNTU:USN-1722-1 | URL:http://www.ubuntu.com/usn/USN-1722-1",Assigned (20111223),"None (candidate not yet proposed)","" CVE-2011-5180,Candidate,"Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. 
NOTE: this has been disputed by a third party.","BID:50860 | URL:http://www.securityfocus.com/bid/50860 | BUGTRAQ:20111130 Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities | URL:http://www.securityfocus.com/archive/1/520690/100/0/threaded | OSVDB:77648 | URL:http://www.osvdb.org/77648 | XF:wp1jqueryphotogallery-page-xss(71572) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71572",Assigned (20120919),"None (candidate not yet proposed)","" CVE-2012-4027,Candidate,"Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.","CONFIRM:https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf | MISC:http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html",Assigned (20120716),"None (candidate not yet proposed)","" CVE-2012-4028,Candidate,"Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.","CONFIRM:https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf | MISC:http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html",Assigned (20120716),"None (candidate not yet proposed)","" CVE-2012-4458,Candidate,"The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.","CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1453031 | 
CONFIRM:https://issues.apache.org/jira/browse/QPID-4629 | CONFIRM:https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=861234 | REDHAT:RHSA-2013:0561 | URL:http://rhn.redhat.com/errata/RHSA-2013-0561.html | REDHAT:RHSA-2013:0562 | URL:http://rhn.redhat.com/errata/RHSA-2013-0562.html | SECUNIA:52516 | URL:http://secunia.com/advisories/52516",Assigned (20120821),"None (candidate not yet proposed)","" CVE-2012-4459,Candidate,"Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.","CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1453031 | CONFIRM:https://issues.apache.org/jira/browse/QPID-4629 | CONFIRM:https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=861241 | REDHAT:RHSA-2013:0561 | URL:http://rhn.redhat.com/errata/RHSA-2013-0561.html | REDHAT:RHSA-2013:0562 | URL:http://rhn.redhat.com/errata/RHSA-2013-0562.html | SECUNIA:52516 | URL:http://secunia.com/advisories/52516",Assigned (20120821),"None (candidate not yet proposed)","" CVE-2012-4460,Candidate,"The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. 
NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.","CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1453031 | CONFIRM:https://issues.apache.org/jira/browse/QPID-4629 | CONFIRM:https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=861242",Assigned (20120821),"None (candidate not yet proposed)","" CVE-2012-6662,Candidate,"Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.","BID:71107 | URL:http://www.securityfocus.com/bid/71107 | CONFIRM:http://bugs.jqueryui.com/ticket/8859 | CONFIRM:http://bugs.jqueryui.com/ticket/8861 | CONFIRM:https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e | CONFIRM:https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde | MISC:https://github.com/jquery/jquery/issues/2432 | MLIST:[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0 | URL:http://seclists.org/oss-sec/2014/q4/616 | MLIST:[oss-security] 20141114 old CVE assignments for JQuery 1.10.0 | URL:http://seclists.org/oss-sec/2014/q4/613 | REDHAT:RHSA-2015:0442 | URL:http://rhn.redhat.com/errata/RHSA-2015-0442.html | REDHAT:RHSA-2015:1462 | URL:http://rhn.redhat.com/errata/RHSA-2015-1462.html | XF:jqueryui-cve20126662-xss(98697) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/98697",Assigned (20141114),"None (candidate not yet proposed)","" CVE-2012-6708,Candidate,"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. 
In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.","BID:102792 | URL:http://www.securityfocus.com/bid/102792 | CONFIRM:https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | MISC:http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html | MISC:http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html | MISC:https://bugs.jquery.com/ticket/11290 | MISC:https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d | MISC:https://snyk.io/vuln/npm:jquery:20120206 | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | SUSE:openSUSE-SU-2020:0395 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",Assigned (20180118),"None (candidate not yet proposed)","" CVE-2013-0244,Candidate,"Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 
and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified JavaScript functions that are used to select DOM elements.","CONFIRM:https://drupal.org/SA-CORE-2013-001 | DEBIAN:DSA-2776 | URL:http://www.debian.org/security/2013/dsa-2776 | FULLDISC:20130116 [Security-news] SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities | URL:http://seclists.org/fulldisclosure/2013/Jan/120 | MISC:http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html | MLIST:[oss-security] 20130130 Re: CVE | URL:http://seclists.org/oss-sec/2013/q1/211 | OSVDB:89306 | URL:http://osvdb.org/89306",Assigned (20121206),"None (candidate not yet proposed)","" CVE-2013-1808,Candidate,"Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1463. 
If so, it is likely that CVE-2013-1463 will be REJECTed.","BID:58257 | URL:http://www.securityfocus.com/bid/58257 | CONFIRM:http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb | CONFIRM:https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108 | CONFIRM:https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696 | FULLDISC:20130218 XSS vulnerabilities in ZeroClipboard | URL:http://seclists.org/fulldisclosure/2013/Feb/103 | FULLDISC:20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery | URL:http://seclists.org/fulldisclosure/2013/Feb/109 | FULLDISC:20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS | URL:http://seclists.org/fulldisclosure/2013/Mar/5 | FULLDISC:20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress | URL:http://seclists.org/fulldisclosure/2013/Apr/88 | FULLDISC:20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress | URL:http://seclists.org/fulldisclosure/2013/Apr/87 | MISC:http://securityvulns.ru/docs29103.html | MISC:http://securityvulns.ru/docs29104.html | MISC:http://securityvulns.ru/docs29105.html | MLIST:[oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf | URL:http://www.openwall.com/lists/oss-security/2013/03/03/3 | MLIST:[oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808 | URL:http://www.openwall.com/lists/oss-security/2013/03/10/2 | MLIST:[oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications | URL:http://www.openwall.com/lists/oss-security/2013/03/25/1 | MLIST:[oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808 | URL:http://www.openwall.com/lists/oss-security/2013/03/26/8",Assigned (20130219),"None (candidate not 
yet proposed)","" CVE-2013-1942,Candidate,"Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.","BID:59030 | URL:http://www.securityfocus.com/bid/59030 | CONFIRM:http://owncloud.org/about/security/advisories/oC-SA-2013-014/ | CONFIRM:http://www.jplayer.org/2.3.0/release-notes/ | CONFIRM:https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d | FULLDISC:20130421 Vulnerabilities in jPlayer | URL:http://seclists.org/fulldisclosure/2013/Apr/192 | MLIST:[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS | URL:http://marc.info/?l=oss-security&m=136570964825921&w=2 | MLIST:[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS | URL:http://marc.info/?l=oss-security&m=136726705917858&w=2 | MLIST:[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS | URL:http://marc.info/?l=oss-security&m=136773622321563&w=2",Assigned (20130219),"None (candidate not yet proposed)","" CVE-2013-2022,Candidate,"Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert function in the jQuery parameter. 
NOTE: these are the same parameters as CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the jQuery parameter.","CONFIRM:http://www.jplayer.org/2.3.0/release-notes/ | CONFIRM:https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373 | FULLDISC:20130421 Vulnerabilities in jPlayer | URL:http://seclists.org/fulldisclosure/2013/Apr/192 | MLIST:[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS | URL:http://marc.info/?l=oss-security&m=136570964825921&w=2 | MLIST:[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS | URL:http://marc.info/?l=oss-security&m=136726705917858&w=2 | MLIST:[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS | URL:http://marc.info/?l=oss-security&m=136773622321563&w=2 | MLIST:[oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS | URL:http://www.openwall.com/lists/oss-security/2013/06/27/7 | MLIST:[oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS | URL:http://www.openwall.com/lists/oss-security/2013/07/04/5",Assigned (20130219),"None (candidate not yet proposed)","" CVE-2013-4383,Candidate,"Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the ""access administration pages"" permission to inject arbitrary web script or HTML via unspecified vectors.","BID:62340 | URL:http://www.securityfocus.com/bid/62340 | CONFIRM:https://drupal.org/node/2087089 | MISC:https://drupal.org/node/2087095",Assigned (20130612),"None (candidate not yet proposed)","" CVE-2013-4634,Candidate,"SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.","BID:60276 | URL:http://www.securityfocus.com/bid/60276 | CONFIRM:http://typo3.org/extensions/repository/view/rzautocomplete | 
MISC:http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/ | OSVDB:93815 | URL:http://osvdb.org/93815 | SECUNIA:53633 | URL:http://secunia.com/advisories/53633 | XF:typo3-jquery-unspecified-sql-injection(84659) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/84659",Assigned (20130620),"None (candidate not yet proposed)","" CVE-2013-5957,Candidate,"Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.","CONFIRM:https://civicrm.org/advisory/civi-sa-2013-009-sql-injection-vulnerability | CONFIRM:https://github.com/civicrm/civicrm-core/pull/1708.diff | MISC:https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerability-in-civicrm-cve-2013-5957.html | MISC:https://www.navixia.com/company/navixia-news/395-navixia-finds-critical-vulnerability-in-civicrm.html",Assigned (20130927),"None (candidate not yet proposed)","" CVE-2013-6837,Candidate,"Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.","CONFIRM:http://themeforest.net/item/udesign-responsive-wordpress-theme/253220 | CONFIRM:http://www.no-margin-for-errors.com/projects/prettyphoto-jquery-lightbox-clone/ | CONFIRM:https://github.com/Duncaen/prettyphoto/commit/3ef0ddfefebbcc6bbe9245f9cea87e26838e9bbc | MISC:http://cxsecurity.com/issue/WLB-2013110149 | MISC:http://themeforest.net/forums/thread/security-vulnerability-affecting-prettyphoto-jquery-script/181180 | MISC:http://www.perucrack.net/2014/07/haciendo-un-xss-en-plugin-prettyphoto.html | MISC:http://www.rafayhackingarticles.net/2013/05/kali-linux-dom-based-xss-writeup.html",Assigned (20131120),"None (candidate not 
yet proposed)","" CVE-2013-7129,Candidate,"Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf.","BID:64046 | URL:http://www.securityfocus.com/bid/64046 | MISC:http://packetstormsecurity.com/files/124240 | XF:blooog-jplayer-xss(89356) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/89356",Assigned (20131217),"None (candidate not yet proposed)","" CVE-2014-3691,Candidate,"Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.","CONFIRM:http://projects.theforeman.org/issues/7822 | CONFIRM:https://github.com/theforeman/smart-proxy/pull/217 | CONFIRM:https://groups.google.com/forum/#!topic/foreman-announce/jXC5ixybjqo | REDHAT:RHSA-2015:0287 | URL:http://rhn.redhat.com/errata/RHSA-2015-0287.html | REDHAT:RHSA-2015:0288 | URL:http://rhn.redhat.com/errata/RHSA-2015-0288.html",Assigned (20140514),"None (candidate not yet proposed)","" CVE-2014-5259,Candidate,"Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.","BID:69551 | URL:http://www.securityfocus.com/bid/69551 | BUGTRAQ:20140903 Reflected Cross-Site Scripting (XSS) in BlackCat CMS | URL:http://www.securityfocus.com/archive/1/533336/100/0/threaded | CONFIRM:http://forum.blackcat-cms.org/viewtopic.php?f=2&t=263 | MISC:http://packetstormsecurity.com/files/128141/BlackCat-CMS-1.0.3-Cross-Site-Scripting.html | MISC:https://www.htbridge.com/advisory/HTB23228 | XF:blackcatcms-cve20145259-xss(95717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/95717",Assigned (20140815),"None (candidate 
not yet proposed)","" CVE-2014-6071,Candidate,"jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.","CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1136683 | CONFIRM:https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | FULLDISC:20140902 XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side | URL:http://seclists.org/fulldisclosure/2014/Sep/10",Assigned (20140902),"None (candidate not yet proposed)","" CVE-2014-6785,Candidate,"The Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72) application 2.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.","CERT-VN:VU#582497 | URL:http://www.kb.cert.org/vuls/id/582497 | CERT-VN:VU#836553 | URL:http://www.kb.cert.org/vuls/id/836553 | MISC:https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",Assigned (20140919),"None (candidate not yet proposed)","" CVE-2014-7819,Candidate,"Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.","MLIST:[rubyonrails-security] 20141030 Arbitrary file existence disclosure in Sprockets (CVE-2014-7819) | URL:https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ | MLIST:[rubyonrails-security] 
20141030 [AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets | URL:https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ | SUSE:openSUSE-SU-2014:1502 | URL:http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html | SUSE:openSUSE-SU-2014:1504 | URL:http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html | SUSE:openSUSE-SU-2014:1513 | URL:http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html | SUSE:openSUSE-SU-2014:1514 | URL:http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html",Assigned (20141003),"None (candidate not yet proposed)","" CVE-2014-8739,Candidate,"Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.","MISC:http://osvdb.org/show/osvdb/113669 | MISC:http://osvdb.org/show/osvdb/113673 | MISC:http://www.openwall.com/lists/oss-security/2014/11/11/4 | MISC:http://www.openwall.com/lists/oss-security/2014/11/11/5 | MISC:http://www.openwall.com/lists/oss-security/2014/11/13/3 | MISC:https://wordpress.org/plugins/sexy-contact-form/changelog/ | MISC:https://www.exploit-db.com/exploits/35057/ | MISC:https://www.exploit-db.com/exploits/36811/",Assigned (20141113),"None (candidate not yet proposed)","" CVE-2015-1840,Candidate,"jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute 
value.","BID:75239 | URL:http://www.securityfocus.com/bid/75239 | CONFIRM:https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md | CONFIRM:https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md | FEDORA:FEDORA-2015-10144 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161043.html | FEDORA:FEDORA-2015-10258 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160906.html | MLIST:[oss-security] 20150616 [CVE-2015-1840] CSRF Vulnerability in jquery-ujs and jquery-rails | URL:http://openwall.com/lists/oss-security/2015/06/16/15 | MLIST:[rubyonrails-security] 20150616 [CVE-2015-1840] CSRF Vulnerability in jquery-ujs and jquery-rails | URL:https://groups.google.com/forum/message/raw?msg=rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J | SUSE:openSUSE-SU-2015:1260 | URL:http://lists.opensuse.org/opensuse-updates/2015-07/msg00041.html",Assigned (20150217),"None (candidate not yet proposed)","" CVE-2015-2089,Candidate,"Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php.","BID:74894 | URL:http://www.securityfocus.com/bid/74894 | MISC:http://packetstormsecurity.com/files/130313/WordPress-Cross-Slide-2.0.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",Assigned (20150226),"None (candidate not yet proposed)","" CVE-2015-2304,Candidate,"Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.","CONFIRM:http://advisories.mageia.org/MGASA-2015-0106.html | 
CONFIRM:https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526 | CONFIRM:https://github.com/libarchive/libarchive/pull/110 | CONFIRM:https://groups.google.com/forum/#!msg/libarchive-discuss/dN9y1VvE1Qk/Z9uerigjQn0J | DEBIAN:DSA-3180 | URL:http://www.debian.org/security/2015/dsa-3180 | FREEBSD:FreeBSD-SA-16:22 | URL:https://www.freebsd.org/security/advisories/FreeBSD-SA-16:22.libarchive.asc | GENTOO:GLSA-201701-03 | URL:https://security.gentoo.org/glsa/201701-03 | MANDRIVA:MDVSA-2015:157 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:157 | MLIST:[oss-security] 20150108 Directory traversals in cpio and friends? | URL:http://www.openwall.com/lists/oss-security/2015/01/07/5 | MLIST:[oss-security] 20150116 CVE Request: libarchive -- directory traversal in bsdcpio | URL:http://www.openwall.com/lists/oss-security/2015/01/16/7 | SECTRACK:1035996 | URL:http://www.securitytracker.com/id/1035996 | SUSE:openSUSE-SU-2015:0568 | URL:http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html | UBUNTU:USN-2549-1 | URL:http://www.ubuntu.com/usn/USN-2549-1",Assigned (20150315),"None (candidate not yet proposed)","" CVE-2015-2531,Candidate,"Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka ""Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability.""","MS:MS15-104 | URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-104 | SECTRACK:1033497 | URL:http://www.securitytracker.com/id/1033497",Assigned (20150319),"None (candidate not yet proposed)","" CVE-2015-2982,Candidate,"Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via 
unspecified input to admin.php.","CONFIRM:http://www.php-factory.net/trivia/16.php | JVN:JVN#69175956 | URL:http://jvn.jp/en/jp/JVN69175956/index.html | JVNDB:JVNDB-2015-000113 | URL:http://jvndb.jvn.jp/jvndb/JVNDB-2015-000113",Assigned (20150407),"None (candidate not yet proposed)","" CVE-2015-3634,Candidate,"The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for WordPress allows remote attackers to read arbitrary WordPress option values.","BID:74453 | URL:http://www.securityfocus.com/bid/74453 | CONFIRM:https://github.com/Boonstra/Slideshow/commit/cac505e593cbe70a4d8af5b639f5385d4cc7aa04 | CONFIRM:https://wordpress.org/plugins/slideshow-jquery-image-gallery/#developers | MLIST:[oss-security] 20150502 Re: CVE request / Advisory: Slideshow (Wordpress plugin) - Wordpress option value disclosure | URL:http://www.openwall.com/lists/oss-security/2015/05/02/12",Assigned (20150502),"None (candidate not yet proposed)","" CVE-2015-6584,Candidate,"Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.","BUGTRAQ:20150910 DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 | URL:http://www.securityfocus.com/archive/1/536437/100/0/threaded | FULLDISC:20150910 DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 | URL:http://seclists.org/fulldisclosure/2015/Sep/37 | MISC:http://packetstormsecurity.com/files/133555/DataTables-1.10.8-Cross-Site-Scripting.html | MISC:https://www.netsparker.com/cve-2015-6384-xss-vulnerability-identified-in-datatables/",Assigned (20150821),"None (candidate not yet proposed)","" CVE-2015-6839,Candidate,"The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a 
crafted RFID ballot tag.","CONFIRM:https://www.eleccionesciudad.gob.ar/uploads/resoluciones/Informe_05-BALOTAJE-2015-07-17.pdf | MISC:https://docs.google.com/document/d/13t1jqu-Upj4SyjYBMj3OMshdy6rGBrnb1R3P-goz-cs/edit?pli=1 | MISC:https://docs.google.com/document/d/1aH6kvoLR8O1qWOpEz89FAB2xFcBNB-QqHgZpXxg0vGE/preview?sle=true&pli=1 | MISC:https://www.youtube.com/watch?v=CTOCspLn6Zk",Assigned (20150908),"None (candidate not yet proposed)","" CVE-2015-7943,Candidate,"Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.","BID:77293 | URL:http://www.securityfocus.com/bid/77293 | CONFIRM:https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2015-10-21/drupal-core-overlay-less-critical | DEBIAN:DSA-3897 | URL:http://www.debian.org/security/2017/dsa-3897 | MISC:https://www.drupal.org/node/2598426 | MISC:https://www.drupal.org/node/2598434",Assigned (20151023),"None (candidate not yet proposed)","" CVE-2015-8139,Candidate,"ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.","BID:82105 | URL:http://www.securityfocus.com/bid/82105 | CERT-VN:VU#718152 | URL:https://www.kb.cert.org/vuls/id/718152 | CISCO:20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016 | URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd | CONFIRM:http://support.ntp.org/bin/view/Main/NtpBug2946 | CONFIRM:https://bto.bluecoat.com/security-advisory/sa113 | CONFIRM:https://security.netapp.com/advisory/ntap-20200204-0003/ | FEDORA:FEDORA-2016-50b0066b7f | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/ | FEDORA:FEDORA-2016-89e0874533 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/ | FEDORA:FEDORA-2016-c3bd6a3496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/ | FREEBSD:FreeBSD-SA-16:09 | URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc | GENTOO:GLSA-201607-15 | URL:https://security.gentoo.org/glsa/201607-15 | SECTRACK:1034782 | URL:http://www.securitytracker.com/id/1034782 | SUSE:SUSE-SU-2016:1175 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html | SUSE:SUSE-SU-2016:1177 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html | SUSE:SUSE-SU-2016:1247 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html | SUSE:SUSE-SU-2016:1311 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html | SUSE:openSUSE-SU-2016:1292 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html | SUSE:openSUSE-SU-2016:1423 | URL:http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html",Assigned (20151113),"None (candidate not yet proposed)","" CVE-2015-8863,Candidate,"Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.","CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231 | CONFIRM:https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd | CONFIRM:https://github.com/stedolan/jq/issues/995 | GENTOO:GLSA-201612-20 | URL:https://security.gentoo.org/glsa/201612-20 | MLIST:[oss-security] 20160423 CVE Request: jq: heap buffer overflow in tokenadd() function | 
URL:http://www.openwall.com/lists/oss-security/2016/04/23/1 | MLIST:[oss-security] 20160423 Re: CVE Request: jq: heap buffer overflow in tokenadd() function | URL:http://www.openwall.com/lists/oss-security/2016/04/23/2 | REDHAT:RHSA-2016:1098 | URL:http://rhn.redhat.com/errata/RHSA-2016-1098.html | REDHAT:RHSA-2016:1099 | URL:http://rhn.redhat.com/errata/RHSA-2016-1099.html | REDHAT:RHSA-2016:1106 | URL:http://rhn.redhat.com/errata/RHSA-2016-1106.html | SUSE:openSUSE-SU-2016:1212 | URL:http://lists.opensuse.org/opensuse-updates/2016-05/msg00012.html | SUSE:openSUSE-SU-2016:1214 | URL:http://lists.opensuse.org/opensuse-updates/2016-05/msg00014.html",Assigned (20160423),"None (candidate not yet proposed)","" CVE-2015-9251,Candidate,"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.","BID:105658 | URL:http://www.securityfocus.com/bid/105658 | BUGTRAQ:20190509 dotCMS v5.1.1 Vulnerabilities | URL:https://seclists.org/bugtraq/2019/May/18 | CONFIRM:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | CONFIRM:https://security.netapp.com/advisory/ntap-20210108-0004/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | URL:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://www.tenable.com/security/tns-2019-08 | URL:https://www.tenable.com/security/tns-2019-08 | FULLDISC:20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability | URL:http://seclists.org/fulldisclosure/2019/May/13 | FULLDISC:20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability | URL:http://seclists.org/fulldisclosure/2019/May/11 | FULLDISC:20190510 dotCMS v5.1.1 Vulnerabilities | 
URL:http://seclists.org/fulldisclosure/2019/May/10 | MISC:http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html | URL:http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html | MISC:http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html | URL:http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html | MISC:http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html | URL:http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html | MISC:https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc | URL:https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc | MISC:https://github.com/jquery/jquery/issues/2432 | URL:https://github.com/jquery/jquery/issues/2432 | MISC:https://github.com/jquery/jquery/pull/2588 | URL:https://github.com/jquery/jquery/pull/2588 | MISC:https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2 | URL:https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2 | MISC:https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 | URL:https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 | MISC:https://snyk.io/vuln/npm:jquery:20150627 | URL:https://snyk.io/vuln/npm:jquery:20150627 | MISC:https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf | URL:https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | 
MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[flink-dev] 20190811 Apache flink 1.7.2 security issues | URL:https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E | MLIST:[flink-user] 20190811 Apache flink 1.7.2 security issues | URL:https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E | MLIST:[flink-user] 20190813 Apache flink 1.7.2 security issues | URL:https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E | MLIST:[flink-user] 20190813 Re: Apache flink 
1.7.2 security issues | URL:https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E | MLIST:[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js | URL:https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E | REDHAT:RHSA-2020:0481 | URL:https://access.redhat.com/errata/RHSA-2020:0481 | REDHAT:RHSA-2020:0729 | URL:https://access.redhat.com/errata/RHSA-2020:0729 | SUSE:openSUSE-SU-2020:0395 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",Assigned (20180118),"None (candidate not yet proposed)","" CVE-2015-9444,Candidate,"The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.","MISC:http://packetstormsecurity.com/files/132908/ | MISC:https://wordpress.org/plugins/altos-connect/#developers",Assigned (20190925),"None (candidate not yet proposed)","" CVE-2015-9478,Candidate,"prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.","MISC:https://github.com/scaron/prettyphoto/issues/149 | MISC:https://github.com/scaron/prettyphoto/releases/tag/3.1.6",Assigned (20191010),"None (candidate not yet proposed)","" CVE-2015-9479,Candidate,"The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.","MISC:https://packetstormsecurity.com/files/132590/",Assigned (20191010),"None (candidate not yet proposed)","" CVE-2015-9500,Candidate,"The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.","MISC:https://packetstormsecurity.com/files/131657/",Assigned (20191014),"None (candidate not yet proposed)","" CVE-2016-0753,Candidate,"Active Model in Ruby on Rails 4.1.x 
before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.","BID:82247 | URL:http://www.securityfocus.com/bid/82247 | DEBIAN:DSA-3464 | URL:http://www.debian.org/security/2016/dsa-3464 | FEDORA:FEDORA-2016-73fe05d878 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html | FEDORA:FEDORA-2016-94e71ee673 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html | FEDORA:FEDORA-2016-cb30088b06 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html | FEDORA:FEDORA-2016-cc465a34df | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html | FEDORA:FEDORA-2016-eb4d6e8aab | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html | MLIST:[oss-security] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model | URL:http://www.openwall.com/lists/oss-security/2016/01/25/14 | MLIST:[ruby-security-ann] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model | URL:https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ | REDHAT:RHSA-2016:0296 | URL:http://rhn.redhat.com/errata/RHSA-2016-0296.html | SECTRACK:1034816 | URL:http://www.securitytracker.com/id/1034816 | SUSE:SUSE-SU-2016:1146 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html | SUSE:openSUSE-SU-2016:0372 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html",Assigned (20151216),"None (candidate not yet proposed)","" CVE-2016-1000110,Candidate,"The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP 
requests.","MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110 | MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/ | MISC:https://security-tracker.debian.org/tracker/CVE-2016-1000110 | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html",Assigned (20160718),"None (candidate not yet proposed)","" CVE-2016-10707,Candidate,"jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.","MISC:https://github.com/jquery/jquery/issues/3133 | MISC:https://github.com/jquery/jquery/pull/3134 | MISC:https://snyk.io/vuln/npm:jquery:20160529",Assigned (20180118),"None (candidate not yet proposed)","" CVE-2016-4074,Candidate,"The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file.","MISC:https://github.com/NixOS/nixpkgs/pull/18908 | MISC:https://github.com/stedolan/jq/ | MISC:https://github.com/stedolan/jq/issues/1136 | MLIST:[oss-security] 20160424 CVE Request: jq: stack exhaustion using jv_dump_term() function | URL:http://www.openwall.com/lists/oss-security/2016/04/24/3 | MLIST:[oss-security] 20160424 Re: CVE Request: jq: stack exhaustion using jv_dump_term() function | URL:http://www.openwall.com/lists/oss-security/2016/04/24/4",Assigned (20160424),"None (candidate not yet proposed)","" CVE-2016-5407,Candidate,"The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.","BID:93368 | 
URL:http://www.securityfocus.com/bid/93368 | CONFIRM:https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17 | FEDORA:FEDORA-2016-5aa206bd16 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AE2VJOFA3EZA566RERQB54TFY56FROZR/ | FEDORA:FEDORA-2016-f71cc44cf8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3IA7BLB4C3JOYVU6UASGUJQJKUF6TO7E/ | GENTOO:GLSA-201704-03 | URL:https://security.gentoo.org/glsa/201704-03 | MLIST:[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries | URL:http://www.openwall.com/lists/oss-security/2016/10/04/4 | MLIST:[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries | URL:http://www.openwall.com/lists/oss-security/2016/10/04/2 | MLIST:[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries | URL:https://lists.x.org/archives/xorg-announce/2016-October/002720.html | SECTRACK:1036945 | URL:http://www.securitytracker.com/id/1036945",Assigned (20160610),"None (candidate not yet proposed)","" CVE-2016-6494,Candidate,"The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.","BID:92204 | URL:http://www.securityfocus.com/bid/92204 | CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1362553 | CONFIRM:https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0 | CONFIRM:https://jira.mongodb.org/browse/SERVER-25335 | FEDORA:FEDORA-2016-9a8e2bbc04 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/ | MLIST:[oss-security] 20160729 CVE request: mongodb: world-readable 
.dbshell history file | URL:http://www.openwall.com/lists/oss-security/2016/07/29/4 | MLIST:[oss-security] 20160729 Re: CVE request: mongodb: world-readable .dbshell history file | URL:http://www.openwall.com/lists/oss-security/2016/07/29/8",Assigned (20160729),"None (candidate not yet proposed)","" CVE-2016-6866,Candidate,"slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.","BID:92546 | URL:http://www.securityfocus.com/bid/92546 | CONFIRM:http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29 | FEDORA:FEDORA-2016-1b7e66c08b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR/ | FEDORA:FEDORA-2016-985b68721b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG/ | MISC:http://s1m0n.dft-labs.eu/files/slock/slock.txt | MLIST:[oss-security] 20160818 CVE request - slock, all versions NULL pointer dereference | URL:http://www.openwall.com/lists/oss-security/2016/08/18/22 | MLIST:[oss-security] 20160818 Re: CVE request - slock, all versions NULL pointer dereference | URL:http://www.openwall.com/lists/oss-security/2016/08/18/24",Assigned (20160818),"None (candidate not yet proposed)","" CVE-2016-7103,Candidate,"Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.","BID:104823 | URL:http://www.securityfocus.com/bid/104823 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://github.com/jquery/api.jqueryui.com/issues/281 | CONFIRM:https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6 | CONFIRM:https://jqueryui.com/changelog/1.12.0/ | 
CONFIRM:https://security.netapp.com/advisory/ntap-20190416-0007/ | CONFIRM:https://www.tenable.com/security/tns-2016-19 | FEDORA:FEDORA-2019-a96124345a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/ | MISC:https://nodesecurity.io/advisories/127 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 | URL:https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E | MLIST:[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js | URL:https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E | REDHAT:RHSA-2016:2932 | 
URL:http://rhn.redhat.com/errata/RHSA-2016-2932.html | REDHAT:RHSA-2016:2933 | URL:http://rhn.redhat.com/errata/RHSA-2016-2933.html | REDHAT:RHSA-2017:0161 | URL:http://rhn.redhat.com/errata/RHSA-2017-0161.html",Assigned (20160827),"None (candidate not yet proposed)","" CVE-2016-7167,Candidate,"Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.","BID:92975 | URL:http://www.securityfocus.com/bid/92975 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://curl.haxx.se/docs/adv_20160914.html | FEDORA:FEDORA-2016-08533fc59c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/ | FEDORA:FEDORA-2016-7a2ed52d41 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/ | FEDORA:FEDORA-2016-80f4f71eff | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/ | GENTOO:GLSA-201701-47 | URL:https://security.gentoo.org/glsa/201701-47 | MLIST:[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html | REDHAT:RHSA-2017:2016 | URL:https://access.redhat.com/errata/RHSA-2017:2016 | REDHAT:RHSA-2018:2486 | URL:https://access.redhat.com/errata/RHSA-2018:2486 | REDHAT:RHSA-2018:3558 | URL:https://access.redhat.com/errata/RHSA-2018:3558 | SECTRACK:1036813 | URL:http://www.securitytracker.com/id/1036813 | SLACKWARE:SSA:2016-259-01 | URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.538632",Assigned (20160908),"None (candidate not yet proposed)","" 
CVE-2016-7966,Candidate,"Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.","BID:93360 | URL:http://www.securityfocus.com/bid/93360 | DEBIAN:DSA-3697 | URL:http://www.debian.org/security/2016/dsa-3697 | FEDORA:FEDORA-2016-92c112a380 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNMM5TVPTJQFPJ3YDF4DPXDFW3GQLWLY/ | MLIST:[oss-security] 20161004 Re: KMail vulnerabilites: need 3 CVE | URL:http://www.openwall.com/lists/oss-security/2016/10/05/1 | SUSE:openSUSE-SU-2016:2559 | URL:http://lists.opensuse.org/opensuse-updates/2016-10/msg00065.html",Assigned (20160909),"None (candidate not yet proposed)","" CVE-2017-1000170,Candidate,"jqueryFileTree 2.1.5 and older Directory Traversal","MISC:http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.html | MISC:https://github.com/jqueryfiletree/jqueryfiletree/issues/66",Assigned (20171117),"None (candidate not yet proposed)","" CVE-2017-1000234,Candidate,"I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the ""dir"" parameter","MISC:https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt",Assigned (20171116),"None (candidate not yet proposed)","" CVE-2017-11124,Candidate,"libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.","FEDORA:FEDORA-2020-bbd24dd0cf | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S2KRIILUKBJHXDNYJQQX74TFUQRG5ND/ | FEDORA:FEDORA-2020-edf53cd770 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YV6RF6VWM7AFYFTTS7VY5TNH26QUEEFC/ | MISC:https://blogs.gentoo.org/ago/2017/06/28/xar-null-pointer-dereference-in-xar_unserialize-archive-c/",Assigned (20170709),"None (candidate not yet proposed)","" CVE-2017-11125,Candidate,"libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.","FEDORA:FEDORA-2020-bbd24dd0cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S2KRIILUKBJHXDNYJQQX74TFUQRG5ND/ | FEDORA:FEDORA-2020-edf53cd770 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YV6RF6VWM7AFYFTTS7VY5TNH26QUEEFC/ | MISC:https://blogs.gentoo.org/ago/2017/06/28/xar-null-pointer-dereference-in-xar_get_path-util-c/",Assigned (20170709),"None (candidate not yet proposed)","" CVE-2017-12966,Candidate,"The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file.","MISC:https://drive.google.com/open?id=0B9DojFnTUSNGd05zSHI1RmpKQjQ",Assigned (20170819),"None (candidate not yet proposed)","" CVE-2017-1376,Candidate,"A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. 
IBM X-Force ID: 126873.","CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg22007305&myns=swgtiv&mynp=OCSSJQQ3&mync=E&cm_sp=swgtiv-_-OCSSJQQ3-_-E | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/126873 | REDHAT:RHSA-2017:2469 | URL:https://access.redhat.com/errata/RHSA-2017:2469 | REDHAT:RHSA-2017:2481 | URL:https://access.redhat.com/errata/RHSA-2017:2481",Assigned (20161130),"None (candidate not yet proposed)","" CVE-2017-14594,Candidate,"The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.","CONFIRM:https://jira.atlassian.com/browse/JRASERVER-66495",Assigned (20170919),"None (candidate not yet proposed)","" CVE-2017-15232,Candidate,"libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.","MISC:https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182 | MISC:https://github.com/mozilla/mozjpeg/issues/268 | UBUNTU:USN-3706-1 | URL:https://usn.ubuntu.com/3706-1/",Assigned (20171010),"None (candidate not yet proposed)","" CVE-2017-15719,Candidate,"In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.","CONFIRM:http://openmeetings.apache.org/security.html#_toc_cve-2017-15719_-_wicket_jquery_ui_xss_in_wysiwyg_e | CONFIRM:https://github.com/sebfz1/wicket-jquery-ui/wiki#cve-2017-15719---xss-in-wysiwyg-editor",Assigned (20171021),"None (candidate not yet proposed)","" CVE-2017-16045,Candidate,"`jquery.js` was a malicious module published with the intent to hijack environment variables. 
It has been unpublished by npm.","MISC:https://nodesecurity.io/advisories/496",Assigned (20171029),"None (candidate not yet proposed)","" CVE-2017-16204,Candidate,"The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.","MISC:https://nodesecurity.io/advisories/544",Assigned (20171029),"None (candidate not yet proposed)","" CVE-2017-16534,Candidate,"The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.","MISC:https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb | MISC:https://groups.google.com/d/msg/syzkaller/nXnjqI73uPo/6sUyq6kqAgAJ | SUSE:SUSE-SU-2018:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html",Assigned (20171103),"None (candidate not yet proposed)","" CVE-2017-16648,Candidate,"The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. 
NOTE: the function was later renamed __dvb_frontend_free.","BID:101758 | URL:http://www.securityfocus.com/bid/101758 | MISC:https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ | MISC:https://patchwork.kernel.org/patch/10046189/ | REDHAT:RHSA-2018:2948 | URL:https://access.redhat.com/errata/RHSA-2018:2948",Assigned (20171107),"None (candidate not yet proposed)","" CVE-2017-16808,Candidate,"tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.","BUGTRAQ:20191002 [slackware-security] tcpdump (SSA:2019-274-01) | URL:https://seclists.org/bugtraq/2019/Oct/2 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/issues/645 | CONFIRM:https://support.apple.com/kb/HT210788 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | SECTRACK:1039773 | URL:http://www.securitytracker.com/id/1039773 | SUSE:openSUSE-SU-2019:1964 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html | 
SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20171113),"None (candidate not yet proposed)","" CVE-2017-16818,Candidate,"RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging ""full"" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.","CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1515872 | CONFIRM:https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a | FEDORA:FEDORA-2017-97b730736f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6VJA32U7HKGDRJQDJVM7JBYWD4T7BJL/",Assigned (20171114),"None (candidate not yet proposed)","" CVE-2017-17560,Candidate,"An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. 
This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.","EXPLOIT-DB:43356 | URL:https://www.exploit-db.com/exploits/43356/ | MISC:https://download.exploitee.rs/file/generic/Exploiteers-DEFCON25.pdf | MISC:https://github.com/rapid7/metasploit-framework/pull/9248",Assigned (20171212),"None (candidate not yet proposed)","" CVE-2017-18104,Candidate,"The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.","CONFIRM:https://jira.atlassian.com/browse/JRASERVER-59980",Assigned (20180201),"None (candidate not yet proposed)","" CVE-2017-6929,Candidate,"A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. 
For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.","CONFIRM:https://www.drupal.org/sa-core-2018-001 | DEBIAN:DSA-4123 | URL:https://www.debian.org/security/2018/dsa-4123 | MLIST:[debian-lts-announce] 20180228 [SECURITY] [DLA 1295-1] drupal7 security update | URL:https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html",Assigned (20170316),"None (candidate not yet proposed)","" CVE-2017-7683,Candidate,"Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.","MLIST:[user] 20170713 CVE-2017-7683 - Apache OpenMeetings - Information Disclosure | URL:http://markmail.org/message/hint6fp66lijqdvu",Assigned (20170411),"None (candidate not yet proposed)","" CVE-2018-0645,Candidate,"MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors.","CONFIRM:http://www.tinybeans.net/blog/2015/06/26-230919.html | CONFIRM:https://bit-part.net/news/2018/07/mtappjquery-20180717.html | JVN:JVN#62423700 | URL:http://jvn.jp/en/jp/JVN62423700/index.html",Assigned (20171127),"None (candidate not yet proposed)","" CVE-2018-1000802,Candidate,"Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. 
This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.","CONFIRM:https://bugs.python.org/issue34540 | CONFIRM:https://github.com/python/cpython/pull/8985 | CONFIRM:https://github.com/python/cpython/pull/8985/commits/add531a1e55b0a739b0f42582f1c9747e5649ace | DEBIAN:DSA-4306 | URL:https://www.debian.org/security/2018/dsa-4306 | MISC:https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig | MLIST:[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html | MLIST:[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | UBUNTU:USN-3817-1 | URL:https://usn.ubuntu.com/3817-1/ | UBUNTU:USN-3817-2 | URL:https://usn.ubuntu.com/3817-2/",Assigned (20180918),"None (candidate not yet proposed)","" CVE-2018-10103,Candidate,"tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | CONFIRM:https://support.f5.com/csp/article/K44551633?utm_source=f5support&utm_medium=RSS | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | 
FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180414),"None (candidate not yet proposed)","" CVE-2018-10105,Candidate,"tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | CONFIRM:https://support.f5.com/csp/article/K44551633?utm_source=f5support&utm_medium=RSS | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | 
FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180414),"None (candidate not yet proposed)","" CVE-2018-12983,Candidate,"A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.","FEDORA:FEDORA-2020-2d80e03190 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEJQUDZT4JRJSPZYY3UPSCTFPAC5TUHK/ | FEDORA:FEDORA-2020-71e2092ebc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMEMSUUXA3SL3AZAKKCTZFXVPHTBBK3O/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1595693",Assigned (20180628),"None (candidate not yet proposed)","" CVE-2018-1325,Candidate,"In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.","MLIST:[openmeetings-user] 20180418 [ANNOUNCE] CVE-2018-1325 - Wicket 
jQuery UI: XSS while displaying value in WYSIWYG editor | URL:https://markmail.org/message/6bxjyaolehhq7jrl",Assigned (20171207),"None (candidate not yet proposed)","" CVE-2018-14461,Candidate,"The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | 
URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14462,Candidate,"The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | 
SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14463,Candidate,"The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | 
URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14464,Candidate,"The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | 
URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14465,Candidate,"The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 
1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14466,Candidate,"The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | 
MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14467,Candidate,"The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | 
MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14468,Candidate,"The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | CONFIRM:https://support.f5.com/csp/article/K04367730?utm_source=f5support&utm_medium=RSS | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security 
Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14469,Candidate,"The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 
macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14470,Candidate,"The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | 
FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180720),"None (candidate not yet proposed)","" CVE-2018-14879,Candidate,"The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | CONFIRM:https://support.f5.com/csp/article/K51512510?utm_source=f5support&utm_medium=RSS | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180803),"None (candidate not yet proposed)","" CVE-2018-14880,Candidate,"The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | CONFIRM:https://support.f5.com/csp/article/K56551263?utm_source=f5support&utm_medium=RSS | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180803),"None (candidate not yet proposed)","" CVE-2018-14881,Candidate,"The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180803),"None (candidate not yet proposed)","" CVE-2018-14882,Candidate,"The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | 
FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180803),"None (candidate not yet proposed)","" CVE-2018-16227,Candidate,"The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | 
URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180830),"None (candidate not yet proposed)","" CVE-2018-16228,Candidate,"The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | 
CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180830),"None (candidate not yet proposed)","" CVE-2018-16229,Candidate,"The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66 | 
CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180830),"None (candidate not yet proposed)","" CVE-2018-16230,Candidate,"The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | 
CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180830),"None (candidate not yet proposed)","" CVE-2018-16300,Candidate,"The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 
High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180831),"None (candidate not yet proposed)","" CVE-2018-16451,Candidate,"The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 
10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180903),"None (candidate not yet proposed)","" CVE-2018-16452,Candidate,"The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 
APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/24182d959f661327525a20d9a94c98a8ec016778 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20180903),"None (candidate not yet proposed)","" CVE-2018-17062,Candidate,"An issue was discovered in SeaCMS 6.64. 
XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter.","MISC:https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability.html",Assigned (20180915),"None (candidate not yet proposed)","" CVE-2018-17189,Candidate,"In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.","BID:106685 | URL:http://www.securityfocus.com/bid/106685 | BUGTRAQ:20190403 [SECURITY] [DSA 4422-1] apache2 security update | URL:https://seclists.org/bugtraq/2019/Apr/5 | CONFIRM:https://httpd.apache.org/security/vulnerabilities_24.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190125-0001/ | CONFIRM:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us | CONFIRM:https://www.tenable.com/security/tns-2019-09 | DEBIAN:DSA-4422 | URL:https://www.debian.org/security/2019/dsa-4422 | FEDORA:FEDORA-2019-0300c36537 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/ | FEDORA:FEDORA-2019-133a8a7cb5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/ | GENTOO:GLSA-201903-21 | URL:https://security.gentoo.org/glsa/201903-21 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html 
security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | URL:https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py 
security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/ | URL:https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | URL:https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/ | URL:https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E | REDHAT:RHSA-2019:3932 | URL:https://access.redhat.com/errata/RHSA-2019:3932 | REDHAT:RHSA-2019:3933 | URL:https://access.redhat.com/errata/RHSA-2019:3933 | REDHAT:RHSA-2019:3935 | URL:https://access.redhat.com/errata/RHSA-2019:3935 | REDHAT:RHSA-2019:4126 | URL:https://access.redhat.com/errata/RHSA-2019:4126 | UBUNTU:USN-3937-1 | URL:https://usn.ubuntu.com/3937-1/",Assigned (20180919),"None (candidate not yet proposed)","" CVE-2018-18405,Candidate,"** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. 
NOTE: this vulnerability has been reported to be spam entry.","FEDORA:FEDORA-2020-11be4b36d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/ | MISC:https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4 | MISC:https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9 | MISC:https://twitter.com/DanielRufde/status/1255185961866145792",Assigned (20181016),"None (candidate not yet proposed)","" CVE-2018-19340,Candidate,"Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter.","MISC:https://github.com/0xUhaw/CVE-Bins/tree/master/Guriddo%20Form%20PHP",Assigned (20181117),"None (candidate not yet proposed)","" CVE-2018-19519,Candidate,"In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.","BID:106098 | URL:http://www.securityfocus.com/bid/106098 | CONFIRM:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | MISC:https://github.com/zyingp/temp/blob/master/tcpdump.md | REDHAT:RHSA-2019:3976 | URL:https://access.redhat.com/errata/RHSA-2019:3976 | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20181125),"None (candidate not yet proposed)","" 
CVE-2018-19800,Candidate,"aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.","FEDORA:FEDORA-2019-00ca0acb47 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/ | FEDORA:FEDORA-2019-b1157fdfdc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/ | MISC:https://github.com/aubio/aubio/blob/0.4.9/ChangeLog | SUSE:openSUSE-SU-2019:1618 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html | SUSE:openSUSE-SU-2019:1624 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html",Assigned (20181203),"None (candidate not yet proposed)","" CVE-2018-19801,Candidate,"aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.","FEDORA:FEDORA-2019-00ca0acb47 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/ | FEDORA:FEDORA-2019-b1157fdfdc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/ | MISC:https://github.com/aubio/aubio/blob/0.4.9/ChangeLog | SUSE:openSUSE-SU-2019:1618 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html | SUSE:openSUSE-SU-2019:1624 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html",Assigned (20181203),"None (candidate not yet proposed)","" CVE-2018-19802,Candidate,"aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.","FEDORA:FEDORA-2019-00ca0acb47 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/ | FEDORA:FEDORA-2019-b1157fdfdc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/ | 
MISC:https://github.com/aubio/aubio/blob/0.4.9/ChangeLog | SUSE:openSUSE-SU-2019:1618 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html | SUSE:openSUSE-SU-2019:1624 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html | SUSE:openSUSE-SU-2019:1834 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html | SUSE:openSUSE-SU-2019:1852 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html",Assigned (20181203),"None (candidate not yet proposed)","" CVE-2018-20349,Candidate,"The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object.","FEDORA:FEDORA-2019-060e7b383c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NCGDUNQYLSZLSGN6JJBORVFW46U3A75Y/ | FEDORA:FEDORA-2019-5d52865475 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWCGXEINKJM3JQUPVCSN4RBTRKWBTYI7/ | MISC:https://github.com/igraph/igraph/issues/1141 | MLIST:[debian-lts-announce] 20191231 [SECURITY] [DLA 2055-1] igraph security update | URL:https://lists.debian.org/debian-lts-announce/2019/12/msg00038.html",Assigned (20181221),"None (candidate not yet proposed)","" CVE-2018-20536,Candidate,"There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.","FEDORA:FEDORA-2020-6dbbecb893 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT/ | FEDORA:FEDORA-2020-b0695fcdf7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1652610",Assigned (20181227),"None (candidate not 
yet proposed)","" CVE-2018-20537,Candidate,"There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.","FEDORA:FEDORA-2020-6dbbecb893 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT/ | FEDORA:FEDORA-2020-b0695fcdf7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1652611",Assigned (20181227),"None (candidate not yet proposed)","" CVE-2018-20539,Candidate,"There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.","FEDORA:FEDORA-2020-6dbbecb893 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT/ | FEDORA:FEDORA-2020-b0695fcdf7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1652609",Assigned (20181227),"None (candidate not yet proposed)","" CVE-2018-20540,Candidate,"There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1.","FEDORA:FEDORA-2020-6dbbecb893 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT/ | FEDORA:FEDORA-2020-b0695fcdf7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1652612",Assigned (20181227),"None (candidate not yet proposed)","" CVE-2018-20662,Candidate,"In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash 
caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.","FEDORA:FEDORA-2019-13ba3be562 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/ | FEDORA:FEDORA-2019-14040bfa27 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/ | FEDORA:FEDORA-2019-8b5e704a73 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/ | FEDORA:FEDORA-2019-d04944813d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/ | MISC:https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f | MISC:https://gitlab.freedesktop.org/poppler/poppler/issues/706 | MLIST:[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update | URL:https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html | MLIST:[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update | URL:https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html | REDHAT:RHSA-2019:2022 | URL:https://access.redhat.com/errata/RHSA-2019:2022 | REDHAT:RHSA-2019:2713 | URL:https://access.redhat.com/errata/RHSA-2019:2713 | UBUNTU:USN-4042-1 | URL:https://usn.ubuntu.com/4042-1/",Assigned (20190103),"None (candidate not yet proposed)","" CVE-2018-5983,Candidate,"SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! 
via a task=refresh&sid= request.","EXPLOIT-DB:44118 | URL:https://exploit-db.com/exploits/44118",Assigned (20180122),"None (candidate not yet proposed)","" CVE-2018-6891,Candidate,"Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js.","MISC:https://wordpress.org/plugins/bookly-responsive-appointment-booking-tool/#developers | MISC:https://www.gubello.me/blog/bookly-blind-stored-xss/",Assigned (20180211),"None (candidate not yet proposed)","" CVE-2018-8741,Candidate,"A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.","DEBIAN:DSA-4168 | URL:https://www.debian.org/security/2018/dsa-4168 | FEDORA:FEDORA-2019-1a87523729 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/ | FEDORA:FEDORA-2019-ad02f64a79 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/ | MISC:http://www.openwall.com/lists/oss-security/2018/03/17/2 | MISC:https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e | MISC:https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/ | MISC:https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/ | MLIST:[debian-lts-announce] 20180416 [SECURITY] [DLA 1344-1] squirrelmail security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html | SECTRACK:1040554 | URL:http://www.securitytracker.com/id/1040554",Assigned (20180317),"None (candidate not yet proposed)","" CVE-2018-8768,Candidate,"In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. 
Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.","CONFIRM:http://openwall.com/lists/oss-security/2018/03/15/2 | MLIST:[debian-lts-announce] 20201119 [SECURITY] [DLA 2432-1] jupyter-notebook security update | URL:https://lists.debian.org/debian-lts-announce/2020/11/msg00033.html",Assigned (20180318),"None (candidate not yet proposed)","" CVE-2018-9206,Candidate,"Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0","BID:105679 | URL:http://www.securityfocus.com/bid/105679 | BID:106629 | URL:http://www.securityfocus.com/bid/106629 | CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | EXPLOIT-DB:45790 | URL:https://www.exploit-db.com/exploits/45790/ | EXPLOIT-DB:46182 | URL:https://www.exploit-db.com/exploits/46182/ | MISC:http://www.vapidlabs.com/advisory.php?v=204 | MISC:https://wpvulndb.com/vulnerabilities/9136",Assigned (20180402),"None (candidate not yet proposed)","" CVE-2018-9207,Candidate,"Arbitrary file upload in jQuery Upload File <= 4.0.2","MISC:http://www.vapidlabs.com/advisory.php?v=206",Assigned (20180402),"None (candidate not yet proposed)","" CVE-2018-9208,Candidate,"Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta","MISC:http://www.vapidlabs.com/advisory.php?v=207",Assigned (20180402),"None (candidate not yet proposed)","" CVE-2019-1000018,Candidate,"rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. 
This attack appear to be exploitable via An authorized SSH user with the allowscp permission.","DEBIAN:DSA-4377 | URL:https://www.debian.org/security/2019/dsa-4377 | FEDORA:FEDORA-2019-bfb407659e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/ | FEDORA:FEDORA-2019-d1487c13ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/ | FEDORA:FEDORA-2019-e47add6b2b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/ | GENTOO:GLSA-202007-29 | URL:https://security.gentoo.org/glsa/202007-29 | MISC:https://esnet-security.github.io/vulnerabilities/20190115_rssh | MLIST:[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update | URL:https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html | UBUNTU:USN-3946-1 | URL:https://usn.ubuntu.com/3946-1/",Assigned (20190204),"None (candidate not yet proposed)","" CVE-2019-1010113,Candidate,"Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element.","MISC:https://drive.google.com/drive/folders/1UxgdL8SJO6KKnG3bh0-LTl7C6i41VwoW?usp=sharing",Assigned (20190320),"None (candidate not yet proposed)","" CVE-2019-1010220,Candidate,"tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: ""ND_PRINT((ndo, ""%s"", buf));"", in function named ""print_prefix"", in ""print-hncp.c"". 
The attack vector is: The victim must open a specially crafted pcap file.","FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c | MISC:https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c | SUSE:openSUSE-SU-2019:1964 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20190320),"None (candidate not yet proposed)","" CVE-2019-1010228,Candidate,"OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). 
The fixed version is: 3.6.4, after commit 40917614e.","FEDORA:FEDORA-2019-12650a34d8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKP2O24CTYIANEJTP4TVEPYEVSYV2RX/ | FEDORA:FEDORA-2019-4349fc0afb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQOAULR72EYJQ4HS6YGLK2S6YNEXY2ET/ | MISC:https://support.dcmtk.org/redmine/issues/858",Assigned (20190320),"None (candidate not yet proposed)","" CVE-2019-1010249,Candidate,"The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.","MISC:https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD | MISC:https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5SbLNEJHuJ",Assigned (20190320),"None (candidate not yet proposed)","" CVE-2019-11026,Candidate,"FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.","FEDORA:FEDORA-2019-1ddce0c095 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/ | FEDORA:FEDORA-2019-3193a75b06 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/ | FEDORA:FEDORA-2019-95eb49ef49 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/ | MISC:https://gitlab.freedesktop.org/poppler/poppler/issues/752 | MISC:https://research.loginsoft.com/bugs/1508/",Assigned (20190408),"None (candidate not yet proposed)","" CVE-2019-11358,Candidate,"jQuery before 3.4.0, as used in Drupal, Backdrop 
CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.","BID:108023 | URL:http://www.securityfocus.com/bid/108023 | BUGTRAQ:20190421 [SECURITY] [DSA 4434-1] drupal7 security update | URL:https://seclists.org/bugtraq/2019/Apr/32 | BUGTRAQ:20190509 dotCMS v5.1.1 Vulnerabilities | URL:https://seclists.org/bugtraq/2019/May/18 | BUGTRAQ:20190612 [SECURITY] [DSA 4460-1] mediawiki security update | URL:https://seclists.org/bugtraq/2019/Jun/12 | CONFIRM:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | URL:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | CONFIRM:https://security.netapp.com/advisory/ntap-20190919-0001/ | URL:https://security.netapp.com/advisory/ntap-20190919-0001/ | CONFIRM:https://www.synology.com/security/advisory/Synology_SA_19_19 | URL:https://www.synology.com/security/advisory/Synology_SA_19_19 | CONFIRM:https://www.tenable.com/security/tns-2019-08 | URL:https://www.tenable.com/security/tns-2019-08 | CONFIRM:https://www.tenable.com/security/tns-2020-02 | URL:https://www.tenable.com/security/tns-2020-02 | DEBIAN:DSA-4434 | URL:https://www.debian.org/security/2019/dsa-4434 | DEBIAN:DSA-4460 | URL:https://www.debian.org/security/2019/dsa-4460 | FEDORA:FEDORA-2019-1a3edd7e8a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/ | FEDORA:FEDORA-2019-2a0ce0c58c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/ | FEDORA:FEDORA-2019-7eaf0bbe7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/ | FEDORA:FEDORA-2019-a06dffab1c | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/ | FEDORA:FEDORA-2019-eba8e44ee6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/ | FEDORA:FEDORA-2019-f563e66380 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/ | FULLDISC:20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability | URL:http://seclists.org/fulldisclosure/2019/May/13 | FULLDISC:20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability | URL:http://seclists.org/fulldisclosure/2019/May/11 | FULLDISC:20190510 dotCMS v5.1.1 Vulnerabilities | URL:http://seclists.org/fulldisclosure/2019/May/10 | MISC:http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html | URL:http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html | MISC:http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html | URL:http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html | MISC:http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html | URL:http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html | MISC:https://backdropcms.org/security/backdrop-sa-core-2019-009 | URL:https://backdropcms.org/security/backdrop-sa-core-2019-009 | MISC:https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ | URL:https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ | MISC:https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b | URL:https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b | MISC:https://github.com/jquery/jquery/pull/4333 | URL:https://github.com/jquery/jquery/pull/4333 | MISC:https://snyk.io/vuln/SNYK-JS-JQUERY-174006 | URL:https://snyk.io/vuln/SNYK-JS-JQUERY-174006 | 
MISC:https://www.drupal.org/sa-core-2019-006 | URL:https://www.drupal.org/sa-core-2019-006 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MISC:https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/ | URL:https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/ | MLIST:[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 | URL:https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E | MLIST:[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 | URL:https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E | MLIST:[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 | URL:https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E | 
MLIST:[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 | URL:https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E | MLIST:[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 | URL:https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E | MLIST:[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html | MLIST:[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html | MLIST:[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update | URL:https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery | URL:https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E | MLIST:[flink-issues] 20200513 
[jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery | URL:https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E | MLIST:[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery | URL:https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E | MLIST:[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery | URL:https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E | MLIST:[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery | URL:https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E | MLIST:[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery | URL:https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358) | URL:http://www.openwall.com/lists/oss-security/2019/06/03/2 | MLIST:[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js | URL:https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E | 
MLIST:[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1 | URL:https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E | MLIST:[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x | URL:https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E | REDHAT:RHBA-2019:1570 | URL:https://access.redhat.com/errata/RHBA-2019:1570 | REDHAT:RHSA-2019:1456 | URL:https://access.redhat.com/errata/RHSA-2019:1456 | REDHAT:RHSA-2019:2587 | URL:https://access.redhat.com/errata/RHSA-2019:2587 | REDHAT:RHSA-2019:3023 | URL:https://access.redhat.com/errata/RHSA-2019:3023 | REDHAT:RHSA-2019:3024 | URL:https://access.redhat.com/errata/RHSA-2019:3024 | SUSE:openSUSE-SU-2019:1839 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html | SUSE:openSUSE-SU-2019:1872 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html",Assigned (20190419),"None (candidate not yet proposed)","" CVE-2019-12086,Candidate,"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. 
This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.","BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | 
MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | 
URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200",Assigned (20190513),"None (candidate not yet proposed)","" CVE-2019-12308,Candidate,"An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. 
The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link.","BID:108559 | URL:http://www.securityfocus.com/bid/108559 | BUGTRAQ:20190708 [SECURITY] [DSA 4476-1] python-django security update | URL:https://seclists.org/bugtraq/2019/Jul/10 | CONFIRM:https://docs.djangoproject.com/en/dev/releases/1.11.21/ | CONFIRM:https://docs.djangoproject.com/en/dev/releases/2.1.9/ | CONFIRM:https://docs.djangoproject.com/en/dev/releases/2.2.2/ | CONFIRM:https://www.djangoproject.com/weblog/2019/jun/03/security-releases/ | DEBIAN:DSA-4476 | URL:https://www.debian.org/security/2019/dsa-4476 | FEDORA:FEDORA-2019-57a4324120 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/ | GENTOO:GLSA-202004-17 | URL:https://security.gentoo.org/glsa/202004-17 | MISC:https://docs.djangoproject.com/en/dev/releases/security/ | MISC:https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8 | MLIST:[debian-lts-announce] 20190605 [SECURITY] [DLA 1814-1] python-django security update | URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html | MLIST:[debian-lts-announce] 20190701 [SECURITY] [DLA 1842-1] python-django security update | URL:https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html | MLIST:[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358) | URL:http://www.openwall.com/lists/oss-security/2019/06/03/2 | SUSE:openSUSE-SU-2019:1839 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html | SUSE:openSUSE-SU-2019:1872 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html | UBUNTU:USN-4043-1 | URL:https://usn.ubuntu.com/4043-1/",Assigned 
(20190523),"None (candidate not yet proposed)","" CVE-2019-12384,Candidate,"FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.","BUGTRAQ:20191007 [SECURITY] [DSA 4542-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/Oct/6 | CONFIRM:https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html | URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190703-0002/ | URL:https://security.netapp.com/advisory/ntap-20190703-0002/ | DEBIAN:DSA-4542 | URL:https://www.debian.org/security/2019/dsa-4542 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:https://blog.doyensec.com/2019/07/22/jackson-gadgets.html | URL:https://blog.doyensec.com/2019/07/22/jackson-gadgets.html | MISC:https://doyensec.com/research.html | URL:https://doyensec.com/research.html | MISC:https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad | URL:https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | 
URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix | URL:https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | 
URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204 | URL:https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull 
request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E | REDHAT:RHSA-2019:1820 | URL:https://access.redhat.com/errata/RHSA-2019:1820 | REDHAT:RHSA-2019:2720 | URL:https://access.redhat.com/errata/RHSA-2019:2720 | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | 
REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200 | REDHAT:RHSA-2019:3292 | URL:https://access.redhat.com/errata/RHSA-2019:3292 | REDHAT:RHSA-2019:3297 | URL:https://access.redhat.com/errata/RHSA-2019:3297 | REDHAT:RHSA-2019:3901 | URL:https://access.redhat.com/errata/RHSA-2019:3901 | REDHAT:RHSA-2019:4352 | URL:https://access.redhat.com/errata/RHSA-2019:4352",Assigned (20190527),"None (candidate not yet proposed)","" CVE-2019-12447,Candidate,"An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.","FEDORA:FEDORA-2019-6ed5523cc0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/ | FEDORA:FEDORA-2019-e6b02af8b8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/ | MISC:https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80 | MLIST:[oss-security] 20190709 Privileged File Access from Desktop Applications | URL:http://www.openwall.com/lists/oss-security/2019/07/09/3 | SUSE:openSUSE-SU-2019:1697 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html | SUSE:openSUSE-SU-2019:1699 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html | UBUNTU:USN-4053-1 | URL:https://usn.ubuntu.com/4053-1/",Assigned (20190529),"None (candidate not yet proposed)","" CVE-2019-12448,Candidate,"An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. 
daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.","FEDORA:FEDORA-2019-6ed5523cc0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/ | FEDORA:FEDORA-2019-e6b02af8b8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/ | MISC:https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5 | MLIST:[oss-security] 20190709 Privileged File Access from Desktop Applications | URL:http://www.openwall.com/lists/oss-security/2019/07/09/3 | SUSE:openSUSE-SU-2019:1697 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html | SUSE:openSUSE-SU-2019:1699 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html | UBUNTU:USN-4053-1 | URL:https://usn.ubuntu.com/4053-1/",Assigned (20190529),"None (candidate not yet proposed)","" CVE-2019-12449,Candidate,"An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. 
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.","FEDORA:FEDORA-2019-6ed5523cc0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/ | FEDORA:FEDORA-2019-e6b02af8b8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/ | MISC:https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8 | MLIST:[oss-security] 20190709 Privileged File Access from Desktop Applications | URL:http://www.openwall.com/lists/oss-security/2019/07/09/3 | SUSE:openSUSE-SU-2019:1697 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html | SUSE:openSUSE-SU-2019:1699 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html | UBUNTU:USN-4053-1 | URL:https://usn.ubuntu.com/4053-1/",Assigned (20190529),"None (candidate not yet proposed)","" CVE-2019-12795,Candidate,"daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. 
(Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)","BID:108741 | URL:http://www.securityfocus.com/bid/108741 | FEDORA:FEDORA-2019-6ed5523cc0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/ | FEDORA:FEDORA-2019-e6b02af8b8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/ | MISC:https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a | MISC:https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f | MISC:https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe | MLIST:[debian-lts-announce] 20190619 [SECURITY] [DLA 1827-1] gvfs security update | URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html | REDHAT:RHSA-2019:3553 | URL:https://access.redhat.com/errata/RHSA-2019:3553 | SUSE:openSUSE-SU-2019:1697 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html | SUSE:openSUSE-SU-2019:1699 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html | UBUNTU:USN-4053-1 | URL:https://usn.ubuntu.com/4053-1/",Assigned (20190611),"None (candidate not yet proposed)","" CVE-2019-12814,Candidate,"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.","CONFIRM:https://github.com/FasterXML/jackson-databind/issues/2341 | URL:https://github.com/FasterXML/jackson-databind/issues/2341 | CONFIRM:https://security.netapp.com/advisory/ntap-20190625-0006/ | URL:https://security.netapp.com/advisory/ntap-20190625-0006/ | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1 | 
URL:https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix | URL:https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | 
URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204 | URL:https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | 
URL:https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E | MLIST:[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E | MLIST:[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E | MLIST:[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E | MLIST:[zookeeper-issues] 20190708 [jira] [Commented] 
(ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E | MLIST:[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E | MLIST:[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E | MLIST:[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E | MLIST:[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E | MLIST:[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E | MLIST:[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E | MLIST:[zookeeper-notifications] 20190624 [GitHub] 
[zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E | MLIST:[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E | MLIST:[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E | MLIST:[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 | URL:https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | 
URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200 | REDHAT:RHSA-2019:3292 | URL:https://access.redhat.com/errata/RHSA-2019:3292 | REDHAT:RHSA-2019:3297 | URL:https://access.redhat.com/errata/RHSA-2019:3297",Assigned (20190613),"None (candidate not yet proposed)","" CVE-2019-12817,Candidate,"arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.","BID:108884 | URL:http://www.securityfocus.com/bid/108884 | BUGTRAQ:20190812 [SECURITY] [DSA 4495-1] linux security update | URL:https://seclists.org/bugtraq/2019/Aug/13 | CONFIRM:https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.15 | CONFIRM:https://support.f5.com/csp/article/K12876166 | CONFIRM:https://support.f5.com/csp/article/K12876166?utm_source=f5support&utm_medium=RSS | DEBIAN:DSA-4495 | URL:https://www.debian.org/security/2019/dsa-4495 | FEDORA:FEDORA-2019-6817686c4d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSKLL2374YGFQR6LSVCFGTTCRGBTLAWZ/ | FEDORA:FEDORA-2019-69c132b061 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTLN3KQYEEWWAJYA4BUYYDMWWXCJQNV2/ | MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca72d88378b2f2444d3ec145dd442d449d3fefbc | MLIST:[oss-security] 20190625 CVE-2019-12817: Linux kernel: powerpc: Unrelated processes may be able to read/write to each other's virtual memory | URL:http://www.openwall.com/lists/oss-security/2019/06/24/5 | REDHAT:RHSA-2019:2703 | URL:https://access.redhat.com/errata/RHSA-2019:2703 | SUSE:openSUSE-SU-2019:1757 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html | UBUNTU:USN-4031-1 | 
URL:https://usn.ubuntu.com/4031-1/",Assigned (20190613),"None (candidate not yet proposed)","" CVE-2019-13115,Candidate,"In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.","CONFIRM:https://security.netapp.com/advisory/ntap-20190806-0002/ | CONFIRM:https://support.f5.com/csp/article/K13322484 | CONFIRM:https://support.f5.com/csp/article/K13322484?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-5885663621 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/ | FEDORA:FEDORA-2019-9d85600fc7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/ | MISC:https://blog.semmle.com/libssh2-integer-overflow/ | MISC:https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa | MISC:https://github.com/libssh2/libssh2/pull/350 | MISC:https://libssh2.org/changes.html | MLIST:[debian-lts-announce] 20190725 [SECURITY] [DLA 1730-3] libssh2 regression update | URL:https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html",Assigned (20190630),"None (candidate not yet proposed)","" CVE-2019-13488,Candidate,"A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used.","MISC:https://github.com/jofpin/trape/issues/169",Assigned 
(20190710),"None (candidate not yet proposed)","" CVE-2019-13604,Candidate,"There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak.","MISC:https://github.com/sungjungk/fp-img-key-crack | MISC:https://www.youtube.com/watch?v=7tKJQdKRm2k | MISC:https://www.youtube.com/watch?v=BwYK_xZlKi4",Assigned (20190714),"None (candidate not yet proposed)","" CVE-2019-14287,Candidate,"In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a ""sudo -u \#$((0xffffffff))"" command.","BUGTRAQ:20191015 [SECURITY] [DSA 4543-1] sudo security update | URL:https://seclists.org/bugtraq/2019/Oct/21 | BUGTRAQ:20191015 [slackware-security] sudo (SSA:2019-287-01) | URL:https://seclists.org/bugtraq/2019/Oct/20 | CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0003/ | CONFIRM:https://support.f5.com/csp/article/K53746212?utm_source=f5support&utm_medium=RSS | CONFIRM:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us | CONFIRM:https://www.sudo.ws/alerts/minus_1_uid.html | DEBIAN:DSA-4543 | URL:https://www.debian.org/security/2019/dsa-4543 | FEDORA:FEDORA-2019-67998e9f7e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/ | FEDORA:FEDORA-2019-72755db9c7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/ | FEDORA:FEDORA-2019-9cb221f2be | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/ | GENTOO:GLSA-202003-12 | URL:https://security.gentoo.org/glsa/202003-12 | MISC:http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html | MISC:https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287 | MLIST:[debian-lts-announce] 20191017 [SECURITY] [DLA 1964-1] sudo security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html | MLIST:[oss-security] 20191014 Sudo: CVE-2019-14287 | URL:http://www.openwall.com/lists/oss-security/2019/10/14/1 | MLIST:[oss-security] 20191015 Re: Sudo: CVE-2019-14287 | URL:https://www.openwall.com/lists/oss-security/2019/10/15/2 | MLIST:[oss-security] 20191023 Membership application for linux-distros - VMware | URL:http://www.openwall.com/lists/oss-security/2019/10/24/1 | MLIST:[oss-security] 20191029 Re: Membership application for linux-distros - VMware | URL:http://www.openwall.com/lists/oss-security/2019/10/29/3 | REDHAT:RHBA-2019:3248 | URL:https://access.redhat.com/errata/RHBA-2019:3248 | REDHAT:RHSA-2019:3197 | URL:https://access.redhat.com/errata/RHSA-2019:3197 | REDHAT:RHSA-2019:3204 | URL:https://access.redhat.com/errata/RHSA-2019:3204 | REDHAT:RHSA-2019:3205 | URL:https://access.redhat.com/errata/RHSA-2019:3205 | REDHAT:RHSA-2019:3209 | URL:https://access.redhat.com/errata/RHSA-2019:3209 | REDHAT:RHSA-2019:3219 | URL:https://access.redhat.com/errata/RHSA-2019:3219 | REDHAT:RHSA-2019:3278 | URL:https://access.redhat.com/errata/RHSA-2019:3278 | REDHAT:RHSA-2019:3694 | URL:https://access.redhat.com/errata/RHSA-2019:3694 | REDHAT:RHSA-2019:3754 | URL:https://access.redhat.com/errata/RHSA-2019:3754 | REDHAT:RHSA-2019:3755 | URL:https://access.redhat.com/errata/RHSA-2019:3755 | REDHAT:RHSA-2019:3895 | URL:https://access.redhat.com/errata/RHSA-2019:3895 | REDHAT:RHSA-2019:3916 | 
URL:https://access.redhat.com/errata/RHSA-2019:3916 | REDHAT:RHSA-2019:3941 | URL:https://access.redhat.com/errata/RHSA-2019:3941 | REDHAT:RHSA-2019:4191 | URL:https://access.redhat.com/errata/RHSA-2019:4191 | REDHAT:RHSA-2020:0388 | URL:https://access.redhat.com/errata/RHSA-2020:0388 | SUSE:openSUSE-SU-2019:2316 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html | SUSE:openSUSE-SU-2019:2333 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html | UBUNTU:USN-4154-1 | URL:https://usn.ubuntu.com/4154-1/",Assigned (20190727),"None (candidate not yet proposed)","" CVE-2019-14379,Candidate,"SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.","CONFIRM:https://security.netapp.com/advisory/ntap-20190814-0001/ | URL:https://security.netapp.com/advisory/ntap-20190814-0001/ | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2 | URL:https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2 | MISC:https://github.com/FasterXML/jackson-databind/issues/2387 | URL:https://github.com/FasterXML/jackson-databind/issues/2387 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | 
MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066) | URL:https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E | MLIST:[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067) | URL:https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E | MLIST:[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image | URL:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E | MLIST:[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | 
URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12 | URL:https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E | MLIST:[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379 | URL:https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E | MLIST:[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379 | URL:https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E | MLIST:[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379 | URL:https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E | MLIST:[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379 | URL:https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E | MLIST:[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379 | URL:https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E 
| MLIST:[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379 | URL:https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E | MLIST:[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379 | URL:https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E | MLIST:[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379 | URL:https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E | MLIST:[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind | URL:https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E | MLIST:[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204 | URL:https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E | MLIST:[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues | URL:https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] 
[7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190909 [GitHub] 
[tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E | REDHAT:RHBA-2019:2824 | URL:https://access.redhat.com/errata/RHBA-2019:2824 | REDHAT:RHSA-2019:2743 | URL:https://access.redhat.com/errata/RHSA-2019:2743 | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200 | REDHAT:RHSA-2019:3292 | URL:https://access.redhat.com/errata/RHSA-2019:3292 | REDHAT:RHSA-2019:3297 | URL:https://access.redhat.com/errata/RHSA-2019:3297 | REDHAT:RHSA-2019:3901 | URL:https://access.redhat.com/errata/RHSA-2019:3901 | REDHAT:RHSA-2020:0727 | URL:https://access.redhat.com/errata/RHSA-2020:0727",Assigned (20190729),"None (candidate not yet proposed)","" CVE-2019-14439,Candidate,"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. 
This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.","BUGTRAQ:20191007 [SECURITY] [DSA 4542-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/Oct/6 | CONFIRM:https://security.netapp.com/advisory/ntap-20190814-0001/ | URL:https://security.netapp.com/advisory/ntap-20190814-0001/ | DEBIAN:DSA-4542 | URL:https://www.debian.org/security/2019/dsa-4542 | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b | URL:https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b | MISC:https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2 | URL:https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2 | MISC:https://github.com/FasterXML/jackson-databind/issues/2389 | URL:https://github.com/FasterXML/jackson-databind/issues/2389 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] 
(CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204 | URL:https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and 
CVE-2019-14439 | URL:https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate 
CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E | MLIST:[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 | URL:https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200",Assigned (20190730),"None (candidate not yet proposed)","" CVE-2019-14811,Candidate,"A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.","BUGTRAQ:20190910 [SECURITY] [DSA 4518-1] ghostscript security update | URL:https://seclists.org/bugtraq/2019/Sep/15 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811 | DEBIAN:DSA-4518 | URL:https://www.debian.org/security/2019/dsa-4518 | FEDORA:FEDORA-2019-0a9d525d71 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/ | FEDORA:FEDORA-2019-953fc0f16d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/ | FEDORA:FEDORA-2019-ebd6c4f15a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/ | GENTOO:GLSA-202004-03 | URL:https://security.gentoo.org/glsa/202004-03 | MLIST:[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update | 
URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html | REDHAT:RHBA-2019:2824 | URL:https://access.redhat.com/errata/RHBA-2019:2824 | REDHAT:RHSA-2019:2594 | URL:https://access.redhat.com/errata/RHSA-2019:2594 | SUSE:openSUSE-SU-2019:2222 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html | SUSE:openSUSE-SU-2019:2223 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html",Assigned (20190810),"None (candidate not yet proposed)","" CVE-2019-14813,Candidate,"A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.","BUGTRAQ:20190910 [SECURITY] [DSA 4518-1] ghostscript security update | URL:https://seclists.org/bugtraq/2019/Sep/15 | CONFIRM:http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813 | DEBIAN:DSA-4518 | URL:https://www.debian.org/security/2019/dsa-4518 | FEDORA:FEDORA-2019-0a9d525d71 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/ | FEDORA:FEDORA-2019-953fc0f16d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/ | FEDORA:FEDORA-2019-ebd6c4f15a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/ | GENTOO:GLSA-202004-03 | URL:https://security.gentoo.org/glsa/202004-03 | MLIST:[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update | URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html | 
REDHAT:RHBA-2019:2824 | URL:https://access.redhat.com/errata/RHBA-2019:2824 | REDHAT:RHSA-2019:2594 | URL:https://access.redhat.com/errata/RHSA-2019:2594 | SUSE:openSUSE-SU-2019:2222 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html | SUSE:openSUSE-SU-2019:2223 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html",Assigned (20190810),"None (candidate not yet proposed)","" CVE-2019-14814,Candidate,"There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.","BUGTRAQ:20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) | URL:https://seclists.org/bugtraq/2019/Nov/11 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814 | CONFIRM:https://security.netapp.com/advisory/ntap-20191031-0005/ | FEDORA:FEDORA-2019-4c91a2f76e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/ | FEDORA:FEDORA-2019-97380355ae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/ | MISC:http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html | MISC:http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | MISC:https://access.redhat.com/security/cve/cve-2019-14814 | MISC:https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a | MISC:https://www.openwall.com/lists/oss-security/2019/08/28/1 | MLIST:[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update | URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html | MLIST:[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update | 
URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html | MLIST:[oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver | URL:http://www.openwall.com/lists/oss-security/2019/08/28/1 | REDHAT:RHSA-2020:0174 | URL:https://access.redhat.com/errata/RHSA-2020:0174 | REDHAT:RHSA-2020:0328 | URL:https://access.redhat.com/errata/RHSA-2020:0328 | REDHAT:RHSA-2020:0339 | URL:https://access.redhat.com/errata/RHSA-2020:0339 | SUSE:openSUSE-SU-2019:2173 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html | SUSE:openSUSE-SU-2019:2181 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html | UBUNTU:USN-4157-1 | URL:https://usn.ubuntu.com/4157-1/ | UBUNTU:USN-4157-2 | URL:https://usn.ubuntu.com/4157-2/ | UBUNTU:USN-4162-1 | URL:https://usn.ubuntu.com/4162-1/ | UBUNTU:USN-4162-2 | URL:https://usn.ubuntu.com/4162-2/ | UBUNTU:USN-4163-1 | URL:https://usn.ubuntu.com/4163-1/ | UBUNTU:USN-4163-2 | URL:https://usn.ubuntu.com/4163-2/",Assigned (20190810),"None (candidate not yet proposed)","" CVE-2019-14816,Candidate,"There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.","BUGTRAQ:20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) | URL:https://seclists.org/bugtraq/2019/Nov/11 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816 | CONFIRM:https://security.netapp.com/advisory/ntap-20191031-0005/ | FEDORA:FEDORA-2019-4c91a2f76e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/ | FEDORA:FEDORA-2019-97380355ae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/ | 
MISC:http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html | MISC:http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | MISC:https://access.redhat.com/security/cve/cve-2019-14816 | MISC:https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3 | MISC:https://www.openwall.com/lists/oss-security/2019/08/28/1 | MLIST:[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update | URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html | MLIST:[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update | URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html | MLIST:[oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver | URL:http://www.openwall.com/lists/oss-security/2019/08/28/1 | REDHAT:RHSA-2020:0174 | URL:https://access.redhat.com/errata/RHSA-2020:0174 | REDHAT:RHSA-2020:0204 | URL:https://access.redhat.com/errata/RHSA-2020:0204 | REDHAT:RHSA-2020:0328 | URL:https://access.redhat.com/errata/RHSA-2020:0328 | REDHAT:RHSA-2020:0339 | URL:https://access.redhat.com/errata/RHSA-2020:0339 | REDHAT:RHSA-2020:0374 | URL:https://access.redhat.com/errata/RHSA-2020:0374 | REDHAT:RHSA-2020:0375 | URL:https://access.redhat.com/errata/RHSA-2020:0375 | REDHAT:RHSA-2020:0653 | URL:https://access.redhat.com/errata/RHSA-2020:0653 | REDHAT:RHSA-2020:0661 | URL:https://access.redhat.com/errata/RHSA-2020:0661 | REDHAT:RHSA-2020:0664 | URL:https://access.redhat.com/errata/RHSA-2020:0664 | SUSE:openSUSE-SU-2019:2173 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html | SUSE:openSUSE-SU-2019:2181 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html | UBUNTU:USN-4157-1 | URL:https://usn.ubuntu.com/4157-1/ | UBUNTU:USN-4157-2 | URL:https://usn.ubuntu.com/4157-2/ | UBUNTU:USN-4162-1 | URL:https://usn.ubuntu.com/4162-1/ | 
UBUNTU:USN-4162-2 | URL:https://usn.ubuntu.com/4162-2/ | UBUNTU:USN-4163-1 | URL:https://usn.ubuntu.com/4163-1/ | UBUNTU:USN-4163-2 | URL:https://usn.ubuntu.com/4163-2/",Assigned (20190810),"None (candidate not yet proposed)","" CVE-2019-14817,Candidate,"A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.","BUGTRAQ:20190910 [SECURITY] [DSA 4518-1] ghostscript security update | URL:https://seclists.org/bugtraq/2019/Sep/15 | CONFIRM:http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14817 | DEBIAN:DSA-4518 | URL:https://www.debian.org/security/2019/dsa-4518 | FEDORA:FEDORA-2019-0a9d525d71 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/ | FEDORA:FEDORA-2019-953fc0f16d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/ | FEDORA:FEDORA-2019-ebd6c4f15a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/ | GENTOO:GLSA-202004-03 | URL:https://security.gentoo.org/glsa/202004-03 | MLIST:[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update | URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html | REDHAT:RHBA-2019:2824 | URL:https://access.redhat.com/errata/RHBA-2019:2824 | REDHAT:RHSA-2019:2594 | URL:https://access.redhat.com/errata/RHSA-2019:2594 | SUSE:openSUSE-SU-2019:2222 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html | 
SUSE:openSUSE-SU-2019:2223 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html",Assigned (20190810),"None (candidate not yet proposed)","" CVE-2019-14823,Candidate,"A flaw was found in the ""Leaf and Chain"" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.","CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823 | FEDORA:FEDORA-2019-24a0a2f24e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/ | FEDORA:FEDORA-2019-4d33c62860 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY/ | FEDORA:FEDORA-2019-68c2fbcf82 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/ | REDHAT:RHSA-2019:3067 | URL:https://access.redhat.com/errata/RHSA-2019:3067 | REDHAT:RHSA-2019:3225 | URL:https://access.redhat.com/errata/RHSA-2019:3225",Assigned (20190810),"None (candidate not yet proposed)","" CVE-2019-15166,Candidate,"lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.","BUGTRAQ:20191021 [SECURITY] [DSA 4547-1] tcpdump security update | URL:https://seclists.org/bugtraq/2019/Oct/28 | BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:https://seclists.org/bugtraq/2019/Dec/23 | CONFIRM:https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4 | CONFIRM:https://security.netapp.com/advisory/ntap-20200120-0001/ | CONFIRM:https://support.apple.com/kb/HT210788 | DEBIAN:DSA-4547 | 
URL:https://www.debian.org/security/2019/dsa-4547 | FEDORA:FEDORA-2019-6db0d5b9d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ | FEDORA:FEDORA-2019-85d92df70f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ | FEDORA:FEDORA-2019-d06bc63433 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ | FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | URL:http://seclists.org/fulldisclosure/2019/Dec/26 | MISC:https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES | MLIST:[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update | URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html | SUSE:openSUSE-SU-2019:2344 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html | SUSE:openSUSE-SU-2019:2348 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html | UBUNTU:USN-4252-1 | URL:https://usn.ubuntu.com/4252-1/ | UBUNTU:USN-4252-2 | URL:https://usn.ubuntu.com/4252-2/",Assigned (20190819),"None (candidate not yet proposed)","" CVE-2019-15437,Candidate,"The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. 
This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15438,Candidate,"The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15439,Candidate,"The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. 
This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15441,Candidate,"The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15442,Candidate,"The Samsung on7xelteskt Android device with a build fingerprint of samsung/on7xelteskt/on7xelteskt:8.1.0/M1AJQ/G610SKSU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. 
This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15443,Candidate,"The Samsung J7 Max Android device with a build fingerprint of samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15450,Candidate,"The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. 
This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15455,Candidate,"The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15458,Candidate,"The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. 
This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15459,Candidate,"The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15460,Candidate,"The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. 
This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15461,Candidate,"The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15463,Candidate,"The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. 
This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15464,Candidate,"The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15465,Candidate,"The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. 
This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.","MISC:https://www.kryptowire.com/android-firmware-2019/",Assigned (20190822),"None (candidate not yet proposed)","" CVE-2019-15504,Candidate,"drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).","CONFIRM:https://security.netapp.com/advisory/ntap-20190905-0002/ | CONFIRM:https://support.f5.com/csp/article/K33554143 | CONFIRM:https://support.f5.com/csp/article/K33554143?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-4c91a2f76e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/ | FEDORA:FEDORA-2019-97380355ae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/ | MISC:https://lore.kernel.org/lkml/20190819220230.10597-1-benquike@gmail.com/ | UBUNTU:USN-4157-1 | URL:https://usn.ubuntu.com/4157-1/ | UBUNTU:USN-4157-2 | URL:https://usn.ubuntu.com/4157-2/",Assigned (20190823),"None (candidate not yet proposed)","" CVE-2019-15505,Candidate,"drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).","BUGTRAQ:20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) | URL:https://seclists.org/bugtraq/2019/Nov/11 | CONFIRM:https://security.netapp.com/advisory/ntap-20190905-0002/ | CONFIRM:https://support.f5.com/csp/article/K28222050 | CONFIRM:https://support.f5.com/csp/article/K28222050?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-4c91a2f76e | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/ | FEDORA:FEDORA-2019-97380355ae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/ | MISC:http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | MISC:https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b | MISC:https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/ | MISC:https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/ | MLIST:[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update | URL:https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html | MLIST:[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update | URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html | UBUNTU:USN-4157-1 | URL:https://usn.ubuntu.com/4157-1/ | UBUNTU:USN-4157-2 | URL:https://usn.ubuntu.com/4157-2/ | UBUNTU:USN-4162-1 | URL:https://usn.ubuntu.com/4162-1/ | UBUNTU:USN-4162-2 | URL:https://usn.ubuntu.com/4162-2/ | UBUNTU:USN-4163-1 | URL:https://usn.ubuntu.com/4163-1/ | UBUNTU:USN-4163-2 | URL:https://usn.ubuntu.com/4163-2/",Assigned (20190823),"None (candidate not yet proposed)","" CVE-2019-15538,Candidate,"An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. 
This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.","CONFIRM:https://security.netapp.com/advisory/ntap-20191004-0001/ | CONFIRM:https://support.f5.com/csp/article/K32592426?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-4c91a2f76e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/ | FEDORA:FEDORA-2019-97380355ae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/ | MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee | MISC:https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee | MISC:https://lore.kernel.org/linux-xfs/20190823035528.GH1037422@magnolia/ | MISC:https://lore.kernel.org/linux-xfs/20190823192433.GA8736@eldamar.local | MLIST:[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update | URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html | MLIST:[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update | URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html | SUSE:openSUSE-SU-2019:2173 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html | SUSE:openSUSE-SU-2019:2181 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html | UBUNTU:USN-4144-1 | URL:https://usn.ubuntu.com/4144-1/ | UBUNTU:USN-4147-1 | URL:https://usn.ubuntu.com/4147-1/",Assigned (20190825),"None (candidate not yet proposed)","" CVE-2019-15605,Candidate,"HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed","CONFIRM:https://nodejs.org/en/blog/release/v10.19.0/ | CONFIRM:https://nodejs.org/en/blog/release/v12.15.0/ | 
CONFIRM:https://nodejs.org/en/blog/release/v13.8.0/ | CONFIRM:https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ | CONFIRM:https://security.netapp.com/advisory/ntap-20200221-0004/ | DEBIAN:DSA-4669 | URL:https://www.debian.org/security/2020/dsa-4669 | FEDORA:FEDORA-2020-3838c8ea98 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/ | FEDORA:FEDORA-2020-47efc31973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/ | GENTOO:GLSA-202003-48 | URL:https://security.gentoo.org/glsa/202003-48 | MISC:https://hackerone.com/reports/735748 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | REDHAT:RHSA-2020:0573 | URL:https://access.redhat.com/errata/RHSA-2020:0573 | REDHAT:RHSA-2020:0579 | URL:https://access.redhat.com/errata/RHSA-2020:0579 | REDHAT:RHSA-2020:0597 | URL:https://access.redhat.com/errata/RHSA-2020:0597 | REDHAT:RHSA-2020:0598 | URL:https://access.redhat.com/errata/RHSA-2020:0598 | REDHAT:RHSA-2020:0602 | URL:https://access.redhat.com/errata/RHSA-2020:0602 | REDHAT:RHSA-2020:0703 | URL:https://access.redhat.com/errata/RHSA-2020:0703 | REDHAT:RHSA-2020:0707 | URL:https://access.redhat.com/errata/RHSA-2020:0707 | REDHAT:RHSA-2020:0708 | URL:https://access.redhat.com/errata/RHSA-2020:0708 | SUSE:openSUSE-SU-2020:0293 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html",Assigned (20190826),"None (candidate not yet proposed)","" CVE-2019-15767,Candidate,"In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.","FEDORA:FEDORA-2020-3eaf264c4b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZA4UCVURQXNLUNFAMRLZBAFRHSEVC6Q/ | FEDORA:FEDORA-2020-8083181df6 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TB4FURVE4C35UDXGAAHJL5NIHJQ3WDZT/ | FEDORA:FEDORA-2020-dbccd7e9be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGIICRUZRFAK5M7SNHZKR7SKE77SFKWE/ | MISC:https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html | MISC:https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00005.html",Assigned (20190828),"None (candidate not yet proposed)","" CVE-2019-16159,Candidate,"BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.","BUGTRAQ:20190920 [SECURITY] [DSA 4528-1] bird security update | URL:https://seclists.org/bugtraq/2019/Sep/34 | DEBIAN:DSA-4528 | URL:https://www.debian.org/security/2019/dsa-4528 | FEDORA:FEDORA-2019-ace80f492e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F23NNAPXX65MGJQBPPTVGRV3T4XCKBV/ | FEDORA:FEDORA-2019-b629e3b97f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCVNQJBZYGGNAJNGOFEBE3IAJME2QIZB/ | MISC:http://bird.network.cz | MISC:http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html | MISC:http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html | MISC:http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html | MISC:https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b | MISC:https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c 
| SUSE:openSUSE-SU-2019:2178 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html | SUSE:openSUSE-SU-2019:2180 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00065.html",Assigned (20190909),"None (candidate not yet proposed)","" CVE-2019-16232,Candidate,"drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.","CONFIRM:https://security.netapp.com/advisory/ntap-20191004-0001/ | FEDORA:FEDORA-2019-124a241044 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/ | FEDORA:FEDORA-2019-b86a7bdba0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/ | MISC:https://lkml.org/lkml/2019/9/9/487 | SUSE:openSUSE-SU-2019:2392 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html | SUSE:openSUSE-SU-2019:2444 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html | UBUNTU:USN-4284-1 | URL:https://usn.ubuntu.com/4284-1/ | UBUNTU:USN-4285-1 | URL:https://usn.ubuntu.com/4285-1/ | UBUNTU:USN-4287-1 | URL:https://usn.ubuntu.com/4287-1/ | UBUNTU:USN-4287-2 | URL:https://usn.ubuntu.com/4287-2/",Assigned (20190911),"None (candidate not yet proposed)","" CVE-2019-16772,Candidate,"The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. 
If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.","CONFIRM:https://github.com/commenthol/serialize-to-js/security/advisories/GHSA-3fjq-93xj-3f3f | MISC:https://github.com/commenthol/serialize-to-js/commit/181d7d583ae5293cd47cc99b14ad13352875f3e3",Assigned (20190924),"None (candidate not yet proposed)","" CVE-2019-18660,Candidate,"The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.","BUGTRAQ:20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01) | URL:https://seclists.org/bugtraq/2020/Jan/10 | CONFIRM:https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1 | CONFIRM:https://security.netapp.com/advisory/ntap-20200103-0001/ | FEDORA:FEDORA-2019-124a241044 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/ | FEDORA:FEDORA-2019-b86a7bdba0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/ | MISC:http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad | MISC:https://www.openwall.com/lists/oss-security/2019/11/27/1 | MLIST:[oss-security] 20191128 CVE-2019-18660: Linux kernel: powerpc: missing Spectre-RSB mitigation | URL:http://www.openwall.com/lists/oss-security/2019/11/27/1 | REDHAT:RHSA-2020:0174 | URL:https://access.redhat.com/errata/RHSA-2020:0174 | SUSE:openSUSE-SU-2019:2675 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html | UBUNTU:USN-4225-1 | URL:https://usn.ubuntu.com/4225-1/ | 
UBUNTU:USN-4225-2 | URL:https://usn.ubuntu.com/4225-2/ | UBUNTU:USN-4226-1 | URL:https://usn.ubuntu.com/4226-1/ | UBUNTU:USN-4227-1 | URL:https://usn.ubuntu.com/4227-1/ | UBUNTU:USN-4227-2 | URL:https://usn.ubuntu.com/4227-2/ | UBUNTU:USN-4228-1 | URL:https://usn.ubuntu.com/4228-1/ | UBUNTU:USN-4228-2 | URL:https://usn.ubuntu.com/4228-2/",Assigned (20191102),"None (candidate not yet proposed)","" CVE-2019-18808,Candidate,"A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.","CONFIRM:https://security.netapp.com/advisory/ntap-20191205-0001/ | FEDORA:FEDORA-2019-124a241044 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/ | FEDORA:FEDORA-2019-b86a7bdba0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/ | MISC:https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2 | SUSE:openSUSE-SU-2020:0336 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html | UBUNTU:USN-4525-1 | URL:https://usn.ubuntu.com/4525-1/ | UBUNTU:USN-4526-1 | URL:https://usn.ubuntu.com/4526-1/",Assigned (20191107),"None (candidate not yet proposed)","" CVE-2019-18809,Candidate,"A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.","CONFIRM:https://security.netapp.com/advisory/ntap-20191205-0001/ | FEDORA:FEDORA-2019-124a241044 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/ | FEDORA:FEDORA-2019-b86a7bdba0 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/ | MISC:https://github.com/torvalds/linux/commit/2289adbfa559050d2a38bcd9caac1c18b800e928 | MLIST:[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update | URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html | SUSE:openSUSE-SU-2019:2675 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html | UBUNTU:USN-4285-1 | URL:https://usn.ubuntu.com/4285-1/ | UBUNTU:USN-4287-1 | URL:https://usn.ubuntu.com/4287-1/ | UBUNTU:USN-4287-2 | URL:https://usn.ubuntu.com/4287-2/ | UBUNTU:USN-4300-1 | URL:https://usn.ubuntu.com/4300-1/",Assigned (20191107),"None (candidate not yet proposed)","" CVE-2019-18811,Candidate,"A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1.","CONFIRM:https://security.netapp.com/advisory/ntap-20191205-0001/ | FEDORA:FEDORA-2019-124a241044 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/ | FEDORA:FEDORA-2019-b86a7bdba0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/ | MISC:https://github.com/torvalds/linux/commit/45c1380358b12bf2d1db20a5874e9544f56b34ab | UBUNTU:USN-4284-1 | URL:https://usn.ubuntu.com/4284-1/",Assigned (20191107),"None (candidate not yet proposed)","" CVE-2019-18812,Candidate,"A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.","CONFIRM:https://security.netapp.com/advisory/ntap-20191205-0001/ | FEDORA:FEDORA-2019-124a241044 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/ | FEDORA:FEDORA-2019-b86a7bdba0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/ | MISC:https://github.com/torvalds/linux/commit/c0a333d842ef67ac04adc72ff79dc1ccc3dca4ed",Assigned (20191107),"None (candidate not yet proposed)","" CVE-2019-20446,Candidate,"In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.","FEDORA:FEDORA-2020-39e0b8bd14 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ | FEDORA:FEDORA-2020-f6271d7afa | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/ | MISC:https://gitlab.gnome.org/GNOME/librsvg/issues/515 | MLIST:[debian-lts-announce] 20200722 [SECURITY] [DLA 2285-1] librsvg security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html | SUSE:openSUSE-SU-2020:0343 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html | UBUNTU:USN-4436-1 | URL:https://usn.ubuntu.com/4436-1/",Assigned (20200202),"None (candidate not yet proposed)","" CVE-2019-20503,Candidate,"usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.","CONFIRM:https://support.apple.com/kb/HT211168 | CONFIRM:https://support.apple.com/kb/HT211171 | CONFIRM:https://support.apple.com/kb/HT211175 | CONFIRM:https://support.apple.com/kb/HT211177 | DEBIAN:DSA-4639 | URL:https://www.debian.org/security/2020/dsa-4639 | DEBIAN:DSA-4642 | URL:https://www.debian.org/security/2020/dsa-4642 | DEBIAN:DSA-4645 | 
URL:https://www.debian.org/security/2020/dsa-4645 | FEDORA:FEDORA-2020-17149a4f3d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/ | FEDORA:FEDORA-2020-39e0b8bd14 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ | FEDORA:FEDORA-2020-7fd051b378 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/ | FULLDISC:20200529 APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5 | URL:http://seclists.org/fulldisclosure/2020/May/49 | FULLDISC:20200529 APPLE-SA-2020-05-26-4 tvOS 13.4.5 | URL:http://seclists.org/fulldisclosure/2020/May/59 | FULLDISC:20200529 APPLE-SA-2020-05-26-5 watchOS 6.2.5 | URL:http://seclists.org/fulldisclosure/2020/May/55 | FULLDISC:20200529 APPLE-SA-2020-05-26-7 Safari 13.1.1 | URL:http://seclists.org/fulldisclosure/2020/May/52 | GENTOO:GLSA-202003-02 | URL:https://security.gentoo.org/glsa/202003-02 | GENTOO:GLSA-202003-10 | URL:https://security.gentoo.org/glsa/202003-10 | MISC:https://bugs.chromium.org/p/project-zero/issues/detail?id=1992 | MISC:https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html | MISC:https://crbug.com/1059349 | MISC:https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467 | MISC:https://support.apple.com/HT211168 | MISC:https://support.apple.com/HT211171 | MISC:https://support.apple.com/HT211175 | MISC:https://support.apple.com/HT211177 | MLIST:[debian-lts-announce] 20200311 [SECURITY] [DLA 2140-1] firefox-esr security update | URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html | MLIST:[debian-lts-announce] 20200320 [SECURITY] [DLA 2150-1] thunderbird security update | URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html | REDHAT:RHSA-2020:0815 | 
URL:https://access.redhat.com/errata/RHSA-2020:0815 | REDHAT:RHSA-2020:0816 | URL:https://access.redhat.com/errata/RHSA-2020:0816 | REDHAT:RHSA-2020:0819 | URL:https://access.redhat.com/errata/RHSA-2020:0819 | REDHAT:RHSA-2020:0820 | URL:https://access.redhat.com/errata/RHSA-2020:0820 | SUSE:openSUSE-SU-2020:0340 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html | SUSE:openSUSE-SU-2020:0365 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html | SUSE:openSUSE-SU-2020:0366 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html | SUSE:openSUSE-SU-2020:0389 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html | UBUNTU:USN-4299-1 | URL:https://usn.ubuntu.com/4299-1/ | UBUNTU:USN-4328-1 | URL:https://usn.ubuntu.com/4328-1/ | UBUNTU:USN-4335-1 | URL:https://usn.ubuntu.com/4335-1/",Assigned (20200306),"None (candidate not yet proposed)","" CVE-2019-20907,Candidate,"In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.","CONFIRM:https://bugs.python.org/issue39017 | URL:https://bugs.python.org/issue39017 | CONFIRM:https://github.com/python/cpython/pull/21454 | URL:https://github.com/python/cpython/pull/21454 | CONFIRM:https://security.netapp.com/advisory/ntap-20200731-0002/ | URL:https://security.netapp.com/advisory/ntap-20200731-0002/ | FEDORA:FEDORA-2020-1ddd5273d6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/ | FEDORA:FEDORA-2020-826b24c329 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDKKRXLNVXRF6VGERZSR3OMQR5D5QI6I/ | FEDORA:FEDORA-2020-87c0a0a52d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/ | 
FEDORA:FEDORA-2020-97d775e649 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TOGKLGTXZLHQQFBVCAPSUDA6DOOJFNRY/ | FEDORA:FEDORA-2020-982b2950db | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/ | FEDORA:FEDORA-2020-aab24d3714 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSL3XWVDMSMKO23HR74AJQ6VEM3C2NTS/ | FEDORA:FEDORA-2020-bb919e575e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/ | FEDORA:FEDORA-2020-c3b07cc5c9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/ | FEDORA:FEDORA-2020-c539babb0a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/ | FEDORA:FEDORA-2020-d30881c970 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/ | FEDORA:FEDORA-2020-d808fdd597 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/ | FEDORA:FEDORA-2020-dfb11916cc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/ | FEDORA:FEDORA-2020-e9251de272 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAXHCY4V3LPAAJOBCJ26ISZ4NUXQXTUZ/ | FEDORA:FEDORA-2020-efb908b6a8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/ | GENTOO:GLSA-202008-01 | URL:https://security.gentoo.org/glsa/202008-01 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | 
URL:https://www.oracle.com/security-alerts/cpujan2021.html | MLIST:[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html | MLIST:[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html | SUSE:openSUSE-SU-2020:1254 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html | SUSE:openSUSE-SU-2020:1257 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00052.html | SUSE:openSUSE-SU-2020:1258 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00053.html | SUSE:openSUSE-SU-2020:1265 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00056.html | UBUNTU:USN-4428-1 | URL:https://usn.ubuntu.com/4428-1/",Assigned (20200713),"None (candidate not yet proposed)","" CVE-2019-3400,Candidate,"The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.","BID:108168 | URL:http://www.securityfocus.com/bid/108168 | MISC:https://jira.atlassian.com/browse/JRASERVER-69245",Assigned (20181219),"None (candidate not yet proposed)","" CVE-2019-3463,Candidate,"Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.","BID:106839 | URL:http://www.securityfocus.com/bid/106839 | DEBIAN:DSA-4382 | URL:https://www.debian.org/security/2019/dsa-4382 | FEDORA:FEDORA-2019-bfb407659e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/ | FEDORA:FEDORA-2019-d1487c13ac | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/ | FEDORA:FEDORA-2019-e47add6b2b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/ | GENTOO:GLSA-202007-29 | URL:https://security.gentoo.org/glsa/202007-29 | MISC:https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/ | MLIST:[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html | UBUNTU:USN-3946-1 | URL:https://usn.ubuntu.com/3946-1/",Assigned (20181231),"None (candidate not yet proposed)","" CVE-2019-3464,Candidate,"Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.","BID:106839 | URL:http://www.securityfocus.com/bid/106839 | DEBIAN:DSA-4382 | URL:https://www.debian.org/security/2019/dsa-4382 | FEDORA:FEDORA-2019-bfb407659e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/ | FEDORA:FEDORA-2019-d1487c13ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/ | FEDORA:FEDORA-2019-e47add6b2b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/ | GENTOO:GLSA-202007-29 | URL:https://security.gentoo.org/glsa/202007-29 | MISC:https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/ | MLIST:[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update | 
URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html | UBUNTU:USN-3946-1 | URL:https://usn.ubuntu.com/3946-1/",Assigned (20181231),"None (candidate not yet proposed)","" CVE-2019-3839,Candidate,"It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.","BUGTRAQ:20190512 [SECURITY] [DSA 4442-1] ghostscript security update | URL:https://seclists.org/bugtraq/2019/May/23 | CONFIRM:http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839 | DEBIAN:DSA-4442 | URL:https://www.debian.org/security/2019/dsa-4442 | FEDORA:FEDORA-2019-953fc0f16d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/ | FEDORA:FEDORA-2019-ebd6c4f15a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/ | MLIST:[debian-lts-announce] 20190519 [SECURITY] [DLA 1792-1] ghostscript security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00023.html | REDHAT:RHSA-2019:0971 | URL:https://access.redhat.com/errata/RHSA-2019:0971 | REDHAT:RHSA-2019:1017 | URL:https://access.redhat.com/errata/RHSA-2019:1017 | SUSE:openSUSE-SU-2019:2222 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html | SUSE:openSUSE-SU-2019:2223 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html | UBUNTU:USN-3970-1 | URL:https://usn.ubuntu.com/3970-1/",Assigned (20190103),"None (candidate not yet proposed)","" CVE-2019-3855,Candidate,"An integer overflow flaw which could lead to an out of bounds write 
was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.","BID:107485 | URL:http://www.securityfocus.com/bid/107485 | BUGTRAQ:20190319 [slackware-security] libssh2 (SSA:2019-077-01) | URL:https://seclists.org/bugtraq/2019/Mar/25 | BUGTRAQ:20190415 [SECURITY] [DSA 4431-1] libssh2 security update | URL:https://seclists.org/bugtraq/2019/Apr/25 | BUGTRAQ:20190927 APPLE-SA-2019-9-26-7 Xcode 11.0 | URL:https://seclists.org/bugtraq/2019/Sep/49 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855 | CONFIRM:https://security.netapp.com/advisory/ntap-20190327-0005/ | CONFIRM:https://support.apple.com/kb/HT210609 | CONFIRM:https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767 | DEBIAN:DSA-4431 | URL:https://www.debian.org/security/2019/dsa-4431 | FEDORA:FEDORA-2019-3348cb4934 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/ | FEDORA:FEDORA-2019-5885663621 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/ | FEDORA:FEDORA-2019-9d85600fc7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/ | FEDORA:FEDORA-2019-f31c14682f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/ | FULLDISC:20190927 APPLE-SA-2019-9-26-7 Xcode 11.0 | URL:http://seclists.org/fulldisclosure/2019/Sep/42 | MISC:http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html | MISC:https://www.libssh2.org/CVE-2019-3855.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | 
MLIST:[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update | URL:https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html | MLIST:[oss-security] 20190318 [SECURITY ADVISORIES] libssh2 | URL:http://www.openwall.com/lists/oss-security/2019/03/18/3 | REDHAT:RHSA-2019:0679 | URL:https://access.redhat.com/errata/RHSA-2019:0679 | REDHAT:RHSA-2019:1175 | URL:https://access.redhat.com/errata/RHSA-2019:1175 | REDHAT:RHSA-2019:1652 | URL:https://access.redhat.com/errata/RHSA-2019:1652 | REDHAT:RHSA-2019:1791 | URL:https://access.redhat.com/errata/RHSA-2019:1791 | REDHAT:RHSA-2019:1943 | URL:https://access.redhat.com/errata/RHSA-2019:1943 | REDHAT:RHSA-2019:2399 | URL:https://access.redhat.com/errata/RHSA-2019:2399 | SUSE:openSUSE-SU-2019:1075 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html | SUSE:openSUSE-SU-2019:1109 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",Assigned (20190103),"None (candidate not yet proposed)","" CVE-2019-6116,Candidate,"In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.","BID:106700 | URL:http://www.securityfocus.com/bid/106700 | BUGTRAQ:20190402 [slackware-security] ghostscript (SSA:2019-092-01) | URL:https://seclists.org/bugtraq/2019/Apr/4 | CONFIRM:http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html | CONFIRM:http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html | CONFIRM:https://bugs.ghostscript.com/show_bug.cgi?id=700317 | DEBIAN:DSA-4372 | URL:https://www.debian.org/security/2019/dsa-4372 | EXPLOIT-DB:46242 | URL:https://www.exploit-db.com/exploits/46242/ | FEDORA:FEDORA-2019-15d57af79a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/ | FEDORA:FEDORA-2019-7b9bb0e426 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/ | FEDORA:FEDORA-2019-953fc0f16d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/ | FEDORA:FEDORA-2019-9f06aa44f6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/ | FEDORA:FEDORA-2019-ebd6c4f15a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/ | GENTOO:GLSA-202004-03 | URL:https://security.gentoo.org/glsa/202004-03 | MISC:http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html | MISC:https://bugs.chromium.org/p/project-zero/issues/detail?id=1729 | MLIST:[debian-lts-announce] 20190211 [SECURITY] [DLA 1670-1] ghostscript security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html | MLIST:[oss-security] 20190321 ghostscript: 2 -dSAFER bypass: CVE-2019-3835 & CVE-2019-3838 | URL:http://www.openwall.com/lists/oss-security/2019/03/21/1 | MLIST:[oss-security] 29190123 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators | URL:http://www.openwall.com/lists/oss-security/2019/01/23/5 | REDHAT:RHBA-2019:0327 | URL:https://access.redhat.com/errata/RHBA-2019:0327 | REDHAT:RHSA-2019:0229 | URL:https://access.redhat.com/errata/RHSA-2019:0229 | UBUNTU:USN-3866-1 | URL:https://usn.ubuntu.com/3866-1/",Assigned (20190110),"None (candidate not yet proposed)","" CVE-2019-7443,Candidate,"KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. 
Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.","CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=1124863 | MISC:http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html | MISC:http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html | MISC:https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a | MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/ | MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/",Assigned (20190205),"None (candidate not yet proposed)","" CVE-2019-8121,Candidate,"An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.","MISC:https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update",Assigned (20190212),"None (candidate not yet proposed)","" CVE-2019-9200,Candidate,"A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. 
It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","BID:107172 | URL:http://www.securityfocus.com/bid/107172 | FEDORA:FEDORA-2019-13ba3be562 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/ | FEDORA:FEDORA-2019-14040bfa27 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/ | FEDORA:FEDORA-2019-d04944813d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/ | MISC:https://gitlab.freedesktop.org/poppler/poppler/issues/728 | MISC:https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/ | MLIST:[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update | URL:https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html | MLIST:[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html | REDHAT:RHSA-2019:2022 | URL:https://access.redhat.com/errata/RHSA-2019:2022 | REDHAT:RHSA-2019:2713 | URL:https://access.redhat.com/errata/RHSA-2019:2713 | UBUNTU:USN-3905-1 | URL:https://usn.ubuntu.com/3905-1/ | UBUNTU:USN-4042-1 | URL:https://usn.ubuntu.com/4042-1/",Assigned (20190226),"None (candidate not yet proposed)","" CVE-2019-9631,Candidate,"Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.","FEDORA:FEDORA-2019-13ba3be562 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/ | FEDORA:FEDORA-2019-14040bfa27 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/ | FEDORA:FEDORA-2019-d04944813d 
| URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/ | MISC:https://gitlab.freedesktop.org/poppler/poppler/issues/736 | MLIST:[debian-lts-announce] 20190408 [SECURITY] [DLA 1752-1] poppler security update | URL:https://lists.debian.org/debian-lts-announce/2019/04/msg00011.html | MLIST:[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html | REDHAT:RHSA-2019:2022 | URL:https://access.redhat.com/errata/RHSA-2019:2022 | REDHAT:RHSA-2019:2713 | URL:https://access.redhat.com/errata/RHSA-2019:2713 | UBUNTU:USN-4042-1 | URL:https://usn.ubuntu.com/4042-1/",Assigned (20190307),"None (candidate not yet proposed)","" CVE-2019-9903,Candidate,"PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.","BID:107560 | URL:http://www.securityfocus.com/bid/107560 | FEDORA:FEDORA-2019-14040bfa27 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/ | FEDORA:FEDORA-2019-3193a75b06 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/ | FEDORA:FEDORA-2019-95eb49ef49 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/ | MISC:https://gitlab.freedesktop.org/poppler/poppler/issues/741 | MISC:https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/ | REDHAT:RHSA-2019:2713 | URL:https://access.redhat.com/errata/RHSA-2019:2713 | UBUNTU:USN-4042-1 | URL:https://usn.ubuntu.com/4042-1/",Assigned (20190321),"None (candidate not yet proposed)","" 
CVE-2019-9951,Candidate,"Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.","CONFIRM:https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932 | CONFIRM:https://support.wdc.com/downloads.aspx?g=2702&lang=en | MISC:https://bnbdr.github.io/posts/wd/ | MISC:https://github.com/bnbdr/wd-rce/",Assigned (20190323),"None (candidate not yet proposed)","" CVE-2020-10531,Candidate,"An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.","DEBIAN:DSA-4646 | URL:https://www.debian.org/security/2020/dsa-4646 | FEDORA:FEDORA-2020-39e0b8bd14 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ | FEDORA:FEDORA-2020-43d5a372fc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/ | FEDORA:FEDORA-2020-f6271d7afa | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/ | GENTOO:GLSA-202003-15 | URL:https://security.gentoo.org/glsa/202003-15 | MISC:https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 | URL:https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 | MISC:https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html | URL:https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html | 
MISC:https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08 | URL:https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08 | MISC:https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca | URL:https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca | MISC:https://github.com/unicode-org/icu/pull/971 | URL:https://github.com/unicode-org/icu/pull/971 | MISC:https://unicode-org.atlassian.net/browse/ICU-20958 | URL:https://unicode-org.atlassian.net/browse/ICU-20958 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html | MLIST:[debian-lts-announce] 20200320 [SECURITY] [DLA 2151-1] icu security update | URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html | REDHAT:RHSA-2020:0738 | URL:https://access.redhat.com/errata/RHSA-2020:0738 | SUSE:openSUSE-SU-2020:0459 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html | UBUNTU:USN-4305-1 | URL:https://usn.ubuntu.com/4305-1/",Assigned (20200312),"None (candidate not yet proposed)","" CVE-2020-10960,Candidate,"In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).","CONFIRM:https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html | CONFIRM:https://phabricator.wikimedia.org/T246602",Assigned (20200325),"None (candidate not yet proposed)","" CVE-2020-11002,Candidate,"dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. 
A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to a Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean, an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions.","CONFIRM:https://github.com/dropwizard/dropwizard/security/advisories/GHSA-8jpx-m2wh-2v34 | MISC:https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext | MISC:https://github.com/dropwizard/dropwizard/commit/d5a512f7abf965275f2a6b913ac4fe778e424242 | MISC:https://github.com/dropwizard/dropwizard/pull/3208 | MISC:https://github.com/dropwizard/dropwizard/pull/3209 | MISC:https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf | MISC:https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability",Assigned (20200330),"None (candidate not yet proposed)","" CVE-2020-11008,Candidate,"Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external ""credential helper"" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a ""blank"" pattern to helpers, missing hostname and protocol fields. 
Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's ""store"" helper - Git's ""cache"" helper - the ""osxkeychain"" helper that ships in Git's ""contrib"" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.","CONFIRM:https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 | CONFIRM:https://support.apple.com/kb/HT211183 | FEDORA:FEDORA-2020-4e093619bb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/ | FEDORA:FEDORA-2020-b2a2c830cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/ | FEDORA:FEDORA-2020-f6b3b6fb18 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/ | FULLDISC:20200522 APPLE-SA-2020-05-20-1 Xcode 11.5 | URL:http://seclists.org/fulldisclosure/2020/May/41 | GENTOO:GLSA-202004-13 | URL:https://security.gentoo.org/glsa/202004-13 | MISC:https://github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282 | MISC:https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q | 
MLIST:[debian-lts-announce] 20200424 [SECURITY] [DLA 2182-1] git security update | URL:https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html | SUSE:openSUSE-SU-2020:0598 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | UBUNTU:USN-4334-1 | URL:https://usn.ubuntu.com/4334-1/",Assigned (20200330),"None (candidate not yet proposed)","" CVE-2020-11010,Candidate,"In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts).","CONFIRM:https://github.com/tortoise/tortoise-orm/security/advisories/GHSA-9j2c-x8qm-qmjq | MISC:https://github.com/tortoise/tortoise-orm/commit/91c364053e0ddf77edc5442914c6f049512678b3",Assigned (20200330),"None (candidate not yet proposed)","" CVE-2020-11022,Candidate,"In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. 
This problem is patched in jQuery 3.5.0.","CONFIRM:https://www.tenable.com/security/tns-2021-02 | CONFIRM:https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 | URL:https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 | CONFIRM:https://security.netapp.com/advisory/ntap-20200511-0006/ | URL:https://security.netapp.com/advisory/ntap-20200511-0006/ | CONFIRM:https://www.drupal.org/sa-core-2020-002 | URL:https://www.drupal.org/sa-core-2020-002 | CONFIRM:https://www.tenable.com/security/tns-2020-10 | URL:https://www.tenable.com/security/tns-2020-10 | CONFIRM:https://www.tenable.com/security/tns-2020-11 | URL:https://www.tenable.com/security/tns-2020-11 | DEBIAN:DSA-4693 | URL:https://www.debian.org/security/2020/dsa-4693 | FEDORA:FEDORA-2020-0b32a59b54 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/ | FEDORA:FEDORA-2020-11be4b36d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/ | FEDORA:FEDORA-2020-36d2db5f51 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/ | FEDORA:FEDORA-2020-fbb94073a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/ | FEDORA:FEDORA-2020-fe94df8c34 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/ | GENTOO:GLSA-202007-03 | URL:https://security.gentoo.org/glsa/202007-03 | MISC:https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ | URL:https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ | MISC:https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77 | URL:https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77 | 
MISC:https://jquery.com/upgrade-guide/3.5/ | URL:https://jquery.com/upgrade-guide/3.5/ | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer | URL:https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E | MLIST:[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html | MLIST:[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler | URL:https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E | MLIST:[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler | URL:https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E | MLIST:[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler | URL:https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E | MLIST:[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler | URL:https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E | MLIST:[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 
and CVE-2020-11023 in scala-compiler | URL:https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E | SUSE:openSUSE-SU-2020:1060 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html | SUSE:openSUSE-SU-2020:1106 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html | SUSE:openSUSE-SU-2020:1888 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html",Assigned (20200330),"None (candidate not yet proposed)","" CVE-2020-11023,Candidate,"In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing