---

Log

AVG-2253 edited at 05 Aug 2021 08:49:19
Advisory qualified	- Yes + No

AVG-2242 edited at 05 Aug 2021 08:49:12
Advisory qualified	- Yes + No

CVE-2021-3682 edited at 05 Aug 2021 08:48:22
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ A security issue was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1989651 + https://gitlab.com/qemu-project/qemu/-/issues/491 + https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9

AVG-1898 edited at 05 Aug 2021 08:46:13
Issues	CVE-2020-14394 CVE-2021-3507 CVE-2021-3527 CVE-2021-3544 CVE-2021-3545 CVE-2021-3546 CVE-2021-3582 CVE-2021-3607 CVE-2021-3608 CVE-2021-3611 CVE-2021-3638 + CVE-2021-3682 CVE-2021-20196 CVE-2021-20203 CVE-2021-20255

CVE-2021-3682 created at 05 Aug 2021 08:46:13
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes

AVG-2258 edited at 05 Aug 2021 08:41:44
Severity	- Unknown + Low

CVE-2021-38115 edited at 05 Aug 2021 08:41:44
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
References	+ https://github.com/libgd/libgd/issues/697 + https://github.com/libgd/libgd/pull/711 + https://github.com/libgd/libgd/commit/edaf39fe6fb0d1867b9b5992efb9fe4102138553
Notes

AVG-2258 created at 05 Aug 2021 08:40:31
Packages	+ gd
Issues	+ CVE-2021-38115
Status	+ Vulnerable
Severity	+ Unknown
Affected	+ 2.3.2-4
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-38115 created at 05 Aug 2021 08:40:31

CVE-2021-38114 edited at 05 Aug 2021 08:38:53
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
References	+ https://patchwork.ffmpeg.org/project/ffmpeg/patch/PAXP193MB12624C21AE412BE95BA4D4A4B6F09@PAXP193MB1262.EURP193.PROD.OUTLOOK.COM/ + https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1

AVG-1989 edited at 05 Aug 2021 08:37:36
Issues	CVE-2020-20445 CVE-2020-20446 CVE-2020-20448 CVE-2020-20453 CVE-2020-22015 CVE-2020-22019 CVE-2020-22021 CVE-2020-22033 CVE-2020-22037 CVE-2021-33815 + CVE-2021-38114

CVE-2021-38114 created at 05 Aug 2021 08:37:36
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes

AVG-2230 edited at 04 Aug 2021 20:43:05
Status	- Testing + Fixed

AVG-1393 edited at 04 Aug 2021 20:16:38
Affected	- 249-1 + 250-1