Log

CVE-2017-15587 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ An integer overflow leading to an out-of-bounds write has been found in mupdf <= 1.11. The parsing of a crafted PDF might allow an attacker to write controlled data to an arbitrary location in memory when performing truncated xref checks.
References
+ https://nandynarwhals.org/CVE-2017-15587/
+ http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
Notes
CVE-2017-15642 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
References
+ https://github.com/mansr/sox/commit/0be259eaa9ce3f3fa587a3ef0cf2c0b9c73167a2
+ https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html
+ https://sourceforge.net/p/sox/bugs/298/
Notes
CVE-2017-15650 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A stack-based buffer overflow has been found in the DNS response parsing code of musl libc <= 1.1.16. When an application makes a request via getaddrinfo for both IPv4 and IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the nameservers configured in resolv.conf can reply to both the A and AAAA queries with A results. Since A records are smaller than AAAA records, it's possible to fit more addresses than the precomputed bound, and a buffer overflow occurs.
References
+ http://seclists.org/oss-sec/2017/q4/107
+ https://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
Notes
CVE-2017-15670 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
References
+ http://seclists.org/oss-sec/2017/q4/119
+ https://sourceware.org/bugzilla/show_bug.cgi?id=22320
+ https://bugzilla.redhat.com/show_bug.cgi?id=1504804
+ https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a76376df7c07e577a9515c3faa5dbd50bda5da07
+ https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f
Notes
CVE-2017-15671 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
References
+ http://seclists.org/oss-sec/2017/q4/119
+ https://sourceware.org/bugzilla/show_bug.cgi?id=22325
+ https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f1cf98b583787cfb6278baea46e286a0ee7567fd
+ https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=6803dda53781f7da920f568a31610d41e5c3a351
Notes
CVE-2017-15710 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two-character value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out-of-bounds write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash, which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
References
Notes
CVE-2017-15715 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ In Apache httpd 2.4.0 before 2.4.30, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
References
Notes
CVE-2017-15721 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ Certain incorrectly formatted DCC CTCP messages could cause NULL-pointer dereference in Irssi < 1.0.5. This is a separate, but similar issue to CVE-2017-9468. To be exploited, this issue requires a broken IRCd or control over the IRCd.
References
+ https://irssi.org/security/irssi_sa_2017_10.txt
+ https://github.com/irssi/irssi/commit/9f0dc4766c7aa80e34aa2cde94323fb49971abdf
Notes
CVE-2017-15722 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. To be exploited, this issue requires a broken IRCd or control over the IRCd.
References
+ https://irssi.org/security/irssi_sa_2017_10.txt
+ https://github.com/irssi/irssi/commit/45dfe2ba3889c5dc23a9bea3214f158cc651a043
Notes
CVE-2017-15723 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ Overlong nicks or targets may result in a NULL-pointer dereference in Irssi >= 0.8.17 and < 1.0.5 while splitting the message. Most IRC servers typically have length limits in place that would prevent this issue.
References
+ https://irssi.org/security/irssi_sa_2017_10.txt
+ https://github.com/irssi/irssi/commit/0840eaec7bf56740029aae614e393f8cf76f6946
Notes