Headline
CVE-2023-39742: Notify CVE about a publication
giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.
Notify CVE about a publication
[CVE ID]
CVE-2023-39741
[Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> the development group
>
> ------------------------------------------
>
> [Affected Product Code Base]
> lrzip - 0.651
>
> ------------------------------------------
>
> [Affected Component]
> lrzip 0.651
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> a crafted file
> [Suggested description]
>lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp.
This vulnerability allows attackers to cause a Denial of Service (DoS)> via a crafted file.
>[CVE ID]
>CVE-2023-39742
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> the development group
>
> ------------------------------------------
>
> [Affected Product Code Base]
> giflib - 5.2.1
>
> ------------------------------------------
>
> [Affected Component]
> giflib
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> invalid args
>
> ------------------------------------------
>
> [Reference]
> https://sourceforge.net/p/giflib/bugs/166/
>
> ------------------------------------------
> [Suggested description]
> giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.
>
[CVE ID]
CVE-2023-39743
> ------------------------------------------
>
> [VulnerabilityType Other]
> Access Violation
>
> ------------------------------------------
>
> [Vendor of Product]
> the development group
>
> ------------------------------------------
>
> [Affected Product Code Base]
> lrzip-next - LZMA 23.01
>
> ------------------------------------------
>
> [Affected Component]
> lrzip-next
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> a crafted lrz file
>
> ------------------------------------------
>
> [Reference]
> https://github.com/huanglei3/lrzip-next-poc/tree/main
> https://github.com/pete4abw/lrzip-next/issues/132
>
> ------------------------------------------
> [Suggested description]
> lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.
Related news
Ubuntu Security Notice 6824-1 - It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service.
lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.