CVE-2019-1010069 - OpenCVE

moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Moinejf	Abcm2ps

Configuration 1 [-]

cpe:2.3:a:moinejf:abcm2ps:8.13.20:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S
https://github.com/leesavide/abcm2ps/issues/18
https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-18T13:47:25

Updated: 2024-08-05T03:07:18.381Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010069

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-18T14:15:11.487

Modified: 2022-11-28T22:08:21.157

Link: CVE-2019-1010069

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "abcm2ps", "vendor": "moinejf", "versions": [{"status": "affected", "version": "8.13.20 [fixed: after commit commit 08aef597656d065e86075f3d53fda89765845eae]"}]}], "descriptions": [{"lang": "en", "value": "moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae."}], "problemTypes": [{"descriptions": [{"description": "Incorrect Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-17T07:06:15", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/leesavide/abcm2ps/issues/18"}, {"name": "[debian-lts-announce] 20220417 [SECURITY] [DLA 2983-1] abcm2ps security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010069", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "abcm2ps", "version": {"version_data": [{"version_value": "8.13.20 [fixed: after commit commit 08aef597656d065e86075f3d53fda89765845eae]"}]}}]}, "vendor_name": "moinejf"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Access Control"}]}]}, "references": {"reference_data": [{"name": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S", "refsource": "MISC", "url": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S"}, {"name": "https://github.com/leesavide/abcm2ps/issues/18", "refsource": "MISC", "url": "https://github.com/leesavide/abcm2ps/issues/18"}, {"name": "[debian-lts-announce] 20220417 [SECURITY] [DLA 2983-1] abcm2ps security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.381Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/leesavide/abcm2ps/issues/18"}, {"name": "[debian-lts-announce] 20220417 [SECURITY] [DLA 2983-1] abcm2ps security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010069", "datePublished": "2019-07-18T13:47:25", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.381Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moinejf:abcm2ps:8.13.20:*:*:*:*:*:*:*", "matchCriteriaId": "8A6435D0-1117-4C9C-8513-5FC356726608", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae."}, {"lang": "es", "value": "moinejf abcm2ps 8.13.20 se ve afectado por: Control de acceso incorrecto. El impacto es: permite que los atacantes causen un ataque de denegaci\u00f3n de servicio a trav\u00e9s de un archivo creado. El componente es: front.c, funci\u00f3n txt_add. La versi\u00f3n fija es: despu\u00e9s de confirmar el compromiso 08aef597656d065e86075f3d53fda89765845eae."}], "id": "CVE-2019-1010069", "lastModified": "2022-11-28T22:08:21.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-18T14:15:11.487", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S"}, {"source": "josh@bress.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/leesavide/abcm2ps/issues/18"}, {"source": "josh@bress.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}