Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2019-13286

Exploit
  • EPSS 0.32%
  • Published 04.07.2019 22:15:10
  • Last modified 21.11.2024 04:24:37

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker t...

7.8

CVE-2019-13281

Exploit
  • EPSS 0.41%
  • Published 04.07.2019 20:15:10
  • Last modified 21.11.2024 04:24:37

In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacke...

7.8

CVE-2019-13282

Exploit
  • EPSS 0.3%
  • Published 04.07.2019 20:15:10
  • Last modified 21.11.2024 04:24:37

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows ...

7.8

CVE-2019-13283

Exploit
  • EPSS 0.29%
  • Published 04.07.2019 20:15:10
  • Last modified 21.11.2024 04:24:37

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be trigger...

7

CVE-2019-13226

  • EPSS 0.05%
  • Published 04.07.2019 12:15:10
  • Last modified 21.11.2024 04:24:29

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to ...

9.8

CVE-2019-7165

  • EPSS 3.98%
  • Published 03.07.2019 18:15:11
  • Last modified 21.11.2024 04:47:42

A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code.

5.3

CVE-2019-13117

  • EPSS 5.13%
  • Published 01.07.2019 02:15:09
  • Last modified 21.11.2024 04:24:13

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or ...

5.3

CVE-2019-13118

  • EPSS 1.21%
  • Published 01.07.2019 02:15:09
  • Last modified 21.11.2024 04:24:13

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

6.5

CVE-2019-13109

Exploit
  • EPSS 0.12%
  • Published 30.06.2019 23:15:10
  • Last modified 21.11.2024 04:24:12

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.

6.5

CVE-2019-13110

Exploit
  • EPSS 0.19%
  • Published 30.06.2019 23:15:10
  • Last modified 21.11.2024 04:24:12

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.