xqx12

58 exploits Active since Jul 2018
CVE-2018-20097 WRITEUP MEDIUM WRITEUP
Exiv2 0.27-RC3 - Denial of Service via Crafted TIFF Input
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
CVSS 6.5
CVE-2018-20098 WRITEUP MEDIUM WRITEUP
exiv2 0.27-RC3 - Heap-Based Buffer Over-Read in Jp2Image::encodeJp2Header
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
CVSS 6.5
CVE-2018-20099 WRITEUP MEDIUM WRITEUP
Exiv2 0.27-RC3 - Denial of Service via Infinite Loop in Jp2Image Header Encoding
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
CVSS 6.5
CVE-2019-11638 WRITEUP MEDIUM WRITEUP
GNU recutils <1.8 - Memory Corruption
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.
CVSS 6.5
CVE-2019-11639 WRITEUP HIGH WRITEUP
GNU recutils <1.8 - Buffer Overflow
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
CVSS 8.8
CVE-2019-14288 WRITEUP HIGH WRITEUP
Xpdf 4.01.01 - Memory Corruption
An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.
CVSS 7.8
CVE-2019-14289 WRITEUP MEDIUM WRITEUP
Xpdf 4.01.01 - Buffer Overflow
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.
CVSS 5.5
CVE-2019-14290 WRITEUP MEDIUM WRITEUP
Xpdf <4.01.01 - Info Disclosure
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.
CVSS 5.5
CVE-2019-14291 WRITEUP MEDIUM WRITEUP
Xpdf <4.01.01 - Info Disclosure
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.
CVSS 5.5
CVE-2019-14293 WRITEUP MEDIUM WRITEUP
Xpdf <4.01.01 - Info Disclosure
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.
CVSS 5.5
CVE-2019-14294 WRITEUP MEDIUM WRITEUP
Xpdf 4.01.01 - Use After Free
An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.
CVSS 5.5
CVE-2019-16224 WRITEUP CRITICAL WRITEUP
py-lmdb < 0.97 - Out-of-bounds Write via mdb_node_add
An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
CVSS 9.8
CVE-2019-16225 WRITEUP CRITICAL WRITEUP
py-lmdb < 0.97 - Out-of-bounds Write via Invalid mdb_page_touch Setup
An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
CVSS 9.8
CVE-2019-16226 WRITEUP HIGH WRITEUP
py-lmdb < 0.97 - Out-of-bounds Write via Malicious data.mdb File
An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
CVSS 7.5
CVE-2019-16227 WRITEUP CRITICAL WRITEUP
py-lmdb < 0.97 - Out-of-bounds Write via mdb_cursor_set
An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
CVSS 9.8
CVE-2019-17530 WRITEUP HIGH WRITEUP
Bento4 1.5.1.0 - Heap-Based Buffer Over-Read in AP4_PrintInspector
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.
CVSS 7.8
CVE-2019-3573 WRITEUP MEDIUM WRITEUP
libsixel v1.8.2 - Infinite Loop in sixel_decode_raw_impl
In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.
CVSS 5.5
CVE-2019-3574 WRITEUP HIGH WRITEUP
libsixel v1.8.2 - Heap-Based Buffer Over-Read in load_jpeg()
In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.
CVSS 7.8
CVE-2019-6455 WRITEUP MEDIUM WRITEUP
GNU Recutils 1.8 - Double Free in rec_mset_elem_destroy
An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.
CVSS 6.5
CVE-2019-6456 WRITEUP MEDIUM WRITEUP
GNU Recutils 1.8 - NULL Pointer Dereference in rec_fex_size()
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.
CVSS 6.5
CVE-2019-6457 WRITEUP MEDIUM WRITEUP
GNU Recutils 1.8 - Memory Leak in rec_aggregate_reg_new
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.
CVSS 6.5
CVE-2019-6458 WRITEUP MEDIUM WRITEUP
GNU Recutils 1.8 - Memory Leak in rec_buf_new
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.
CVSS 6.5
CVE-2019-6460 WRITEUP MEDIUM WRITEUP
GNU Recutils 1.8 - NULL Pointer Dereference in rec_field_set_name()
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.
CVSS 6.5
CVE-2019-6461 WRITEUP MEDIUM WRITEUP
cairo 1.16.0 - Reachable Assertion in _cairo_arc_in_direction
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
CVSS 6.5
CVE-2019-9027 WRITEUP HIGH WRITEUP
matio 1.5.13 - Heap-Based Buffer Overflow in ReadNextCell Function
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c.
CVSS 7.5