An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28. Date...
Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour). Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544 https://github.com/GrokImageCompression/grok/releases
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33750 https://github.com/fluent/fluent-bit/commit/22346a74c07ceb90296be872be2d53eb92252a54
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block....
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). Date published : 2021-06-30 https://lists.fedoraproject.org/archives/list/[email protected]/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). Date published : 2021-06-30 https://lists.fedoraproject.org/archives/list/[email protected]/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). Date published : 2021-06-30 https://lists.fedoraproject.org/archives/list/[email protected]/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml
ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello. Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml
Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31724 https://github.com/LibreDWG/libredwg/commit/9b6e0ff9ef02818df034fc42c3bd149a5ff89342
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue...
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. Date published : 2021-06-30 https://www.veeam.com/kb4126 https://www.veeam.com/kb4180
Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type. Date published : 2021-06-30 https://docs.coralproject.net/coral/api/graphql/#User https://github.com/coralproject/talk/compare/v4.12.0…v4.12.1