Filtered by vendor Gnu
Subscriptions
Total
1068 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-20914 | 1 Gnu | 1 Libredwg | 2024-08-05 | 9.8 Critical |
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec. | ||||
CVE-2019-25013 | 6 Broadcom, Debian, Fedoraproject and 3 more | 12 Fabric Operating System, Debian Linux, Fedora and 9 more | 2024-08-05 | 5.9 Medium |
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. | ||||
CVE-2019-20912 | 1 Gnu | 1 Libredwg | 2024-08-05 | 8.8 High |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF. | ||||
CVE-2019-20915 | 1 Gnu | 1 Libredwg | 2024-08-05 | 8.1 High |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c. | ||||
CVE-2019-20913 | 1 Gnu | 1 Libredwg | 2024-08-05 | 8.1 High |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec. | ||||
CVE-2019-20910 | 1 Gnu | 1 Libredwg | 2024-08-05 | 8.1 High |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011. | ||||
CVE-2019-20911 | 1 Gnu | 1 Libredwg | 2024-08-05 | 6.5 Medium |
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop. | ||||
CVE-2019-20909 | 1 Gnu | 1 Libredwg | 2024-08-05 | 7.5 High |
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec. | ||||
CVE-2019-20633 | 1 Gnu | 1 Patch | 2024-08-05 | 5.5 Medium |
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. | ||||
CVE-2019-20433 | 1 Gnu | 1 Aspell | 2024-08-05 | 9.1 Critical |
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. | ||||
CVE-2019-20010 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 8.8 High |
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. | ||||
CVE-2019-20014 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 8.8 High |
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. | ||||
CVE-2019-20015 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec. | ||||
CVE-2019-20013 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. | ||||
CVE-2019-20012 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec. | ||||
CVE-2019-20011 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 8.8 High |
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. | ||||
CVE-2019-20009 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. | ||||
CVE-2019-19126 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-05 | 3.3 Low |
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. | ||||
CVE-2019-18862 | 1 Gnu | 1 Mailutils | 2024-08-05 | 7.8 High |
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | ||||
CVE-2019-18397 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Fribidi, Enterprise Linux and 1 more | 2024-08-05 | 7.8 High |
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. |