cool-tomato - Security Researcher - Exploit Intelligence Platform

CVE-2018-20097 WRITEUP MEDIUM WRITEUP

Exiv2 0.27-RC3 - Denial of Service via Crafted TIFF Input

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVSS 6.5

View Code

CVE-2018-20098 WRITEUP MEDIUM WRITEUP

exiv2 0.27-RC3 - Heap-Based Buffer Over-Read in Jp2Image::encodeJp2Header

There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVSS 6.5

View Code

CVE-2018-20099 WRITEUP MEDIUM WRITEUP

Exiv2 0.27-RC3 - Denial of Service via Infinite Loop in Jp2Image Header Encoding

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVSS 6.5

View Code

CVE-2019-11638 WRITEUP MEDIUM WRITEUP

GNU recutils <1.8 - Memory Corruption

An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.

CVSS 6.5

View Code

CVE-2019-11639 WRITEUP HIGH WRITEUP

GNU recutils <1.8 - Buffer Overflow

An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.

CVSS 8.8

View Code

CVE-2019-14288 WRITEUP HIGH WRITEUP

Xpdf 4.01.01 - Memory Corruption

An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.

CVSS 7.8

View Code

CVE-2019-14289 WRITEUP MEDIUM WRITEUP

Xpdf 4.01.01 - Buffer Overflow

An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.

CVSS 5.5

View Code

CVE-2019-14290 WRITEUP MEDIUM WRITEUP

Xpdf <4.01.01 - Info Disclosure

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.

CVSS 5.5

View Code

CVE-2019-14291 WRITEUP MEDIUM WRITEUP

Xpdf <4.01.01 - Info Disclosure

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.

CVSS 5.5

View Code

CVE-2019-14293 WRITEUP MEDIUM WRITEUP

Xpdf <4.01.01 - Info Disclosure

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.

CVSS 5.5

View Code

CVE-2019-14294 WRITEUP MEDIUM WRITEUP

Xpdf 4.01.01 - Use After Free

An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.

CVSS 5.5

View Code

CVE-2019-16224 WRITEUP CRITICAL WRITEUP

py-lmdb < 0.97 - Out-of-bounds Write via mdb_node_add

An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

CVSS 9.8

View Code

CVE-2019-16225 WRITEUP CRITICAL WRITEUP

py-lmdb < 0.97 - Out-of-bounds Write via Invalid mdb_page_touch Setup

An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

CVSS 9.8

View Code

CVE-2019-16226 WRITEUP HIGH WRITEUP

py-lmdb < 0.97 - Out-of-bounds Write via Malicious data.mdb File

An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

CVSS 7.5

View Code

CVE-2019-16227 WRITEUP CRITICAL WRITEUP

py-lmdb < 0.97 - Out-of-bounds Write via mdb_cursor_set

An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

CVSS 9.8

View Code

CVE-2019-17530 WRITEUP HIGH WRITEUP

Bento4 1.5.1.0 - Heap-Based Buffer Over-Read in AP4_PrintInspector

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.

CVSS 7.8

View Code

CVE-2019-3573 WRITEUP MEDIUM WRITEUP

libsixel v1.8.2 - Infinite Loop in sixel_decode_raw_impl

In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.

CVSS 5.5

View Code

CVE-2019-3574 WRITEUP HIGH WRITEUP

libsixel v1.8.2 - Heap-Based Buffer Over-Read in load_jpeg()

In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.

CVSS 7.8

View Code

CVE-2019-6455 WRITEUP MEDIUM WRITEUP

GNU Recutils 1.8 - Double Free in rec_mset_elem_destroy

An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.

CVSS 6.5

View Code

CVE-2019-6456 WRITEUP MEDIUM WRITEUP

GNU Recutils 1.8 - NULL Pointer Dereference in rec_fex_size()

An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.

CVSS 6.5

View Code

CVE-2019-6457 WRITEUP MEDIUM WRITEUP

GNU Recutils 1.8 - Memory Leak in rec_aggregate_reg_new

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.

CVSS 6.5

View Code

CVE-2019-6458 WRITEUP MEDIUM WRITEUP

GNU Recutils 1.8 - Memory Leak in rec_buf_new

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.

CVSS 6.5

View Code

CVE-2019-6460 WRITEUP MEDIUM WRITEUP

GNU Recutils 1.8 - NULL Pointer Dereference in rec_field_set_name()

An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.

CVSS 6.5

View Code

CVE-2019-6461 WRITEUP MEDIUM WRITEUP

cairo 1.16.0 - Reachable Assertion in _cairo_arc_in_direction

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

CVSS 6.5

View Code

CVE-2019-9027 WRITEUP HIGH WRITEUP

matio 1.5.13 - Heap-Based Buffer Overflow in ReadNextCell Function

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c.

CVSS 7.5

View Code