Monthly Archive: December 2019

An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c. Date published : 2019-12-29 https://github.com/saitoha/libsixel/issues/125

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. Date published : 2019-12-29 https://lists.fedoraproject.org/archives/list/[email protected]/message/XHFOCBZCF3GX7A6FWE3JM7P37TQWGINJ/ https://lists.fedoraproject.org/archives/list/[email protected]/message/CTB2J5XWOEGAJYR2N66GAECUIKDG6O2S/

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp. Date published : 2019-12-29 https://github.com/axiomatic-systems/Bento4/issues/462

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp. Date published : 2019-12-29 https://github.com/axiomatic-systems/Bento4/issues/462

An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp. Date published : 2019-12-29 https://github.com/axiomatic-systems/Bento4/issues/461

GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation. Date published : 2019-12-29 https://github.com/gopro/gpmf-parser/issues/75

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. Date published : 2019-12-29 https://github.com/gopro/gpmf-parser/issues/77

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature. Date published : 2019-12-29 https://github.com/gopro/gpmf-parser/issues/76

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. Date published : 2019-12-29 https://github.com/gopro/gpmf-parser/issues/74

TVT NVMS-1000 devices allow GET /.. Directory Traversal Date published : 2019-12-29 http://packetstormsecurity.com/files/157196/TVT-NVMS-1000-Directory-Traversal.html https://www.exploit-db.com/exploits/47774

The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. Date published : 2019-12-29 https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 https://github.com/vim/vim/compare/v8.1.2135…v8.1.2136

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). Date published : 2019-12-29 https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80 https://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMj

On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). Date published : 2019-12-29 https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB_d913XePx https://drive.google.com/open?id=1SqUHaTn_dVsGv-YtvAqPOXG1Z9APk0eI

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. Date published : 2019-12-29 https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html