Monthly Archive: December 2018

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. Date published : 2018-12-27...

There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. Date published : 2018-12-27 https://bugzilla.redhat.com/show_bug.cgi?id=1652628 https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. Date published : 2018-12-27 https://bugzilla.redhat.com/show_bug.cgi?id=1652625 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. Date published : 2018-12-27 https://bugzilla.redhat.com/show_bug.cgi?id=1652624 https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. Date published : 2018-12-27 https://bugzilla.redhat.com/show_bug.cgi?id=1652622 https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. Date published : 2018-12-27 https://bugzilla.redhat.com/show_bug.cgi?id=1652621 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html

There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. Date published : 2018-12-27 https://bugzilla.redhat.com/show_bug.cgi?id=1652627 https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html

There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service. Date published : 2018-12-27 https://bugzilla.redhat.com/show_bug.cgi?id=1652634

There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address)....

There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses)....

There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1. Date published : 2018-12-27 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM/

There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. Date published : 2018-12-27 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM/

There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests. Date published : 2018-12-27 https://bugzilla.nasm.us/show_bug.cgi?id=3392531

There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. Date published : 2018-12-27 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM/