9.8

CVE-2019-10672

treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SymonicsLibmysofa Version < 0.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.37% 0.816
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/hoene/libmysofa/commit/d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1
Patch
Third Party Advisory
https://github.com/hoene/libmysofa/compare/49aa1c7...2ed84bb
Third Party Advisory
Release Notes
https://github.com/hoene/libmysofa/releases/tag/v0.7
Third Party Advisory
Release Notes
https://usn.ubuntu.com/4033-1/