A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

    #0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007ffff6fb08b1 in __GI_abort () at abort.c:79
    #2  0x00007ffff6ff9907 in __libc_message (action=action@entry=(do_abort | do_backtrace),
        fmt=fmt@entry=0x7ffff7126be8 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
    #3  0x00007ffff70a4eaf in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=0x1,
        msg=msg@entry=0x7ffff7126b65 "buffer overflow detected") at fortify_fail.c:33
    #4  0x00007ffff70a4ed1 in __GI___fortify_fail (msg=msg@entry=0x7ffff7126b65 "buffer overflow detected") at fortify_fail.c:44
    #5  0x00007ffff70a2bc0 in __GI___chk_fail () at chk_fail.c:28
    #6  0x00007ffff70a1e52 in __strcpy_chk (dest=dest@entry=0x7ffffff43e08 "",
        src=src@entry=0x7ffffff43354 "!\v", '!' <repeats 30 times>, "H\001\006", destlen=destlen@entry=0x20) at strcpy_chk.c:30
    #7  0x00007ffff7ac6134 in strcpy (__src=0x7ffffff43354 "!\v", '!' <repeats 30 times>, "H\001\006", __dest=0x7ffffff43e08 "")
        at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:90
    #8  LibRaw::parseHassyModel (this=this@entry=0x7ffffff43250) at src/metadata/hasselblad_model.cpp:136
    #9  0x00007ffff7ab7fa8 in LibRaw::GetNormalizedModel (this=this@entry=0x7ffffff43250) at src/metadata/normalize_model.cpp:723
    #10 0x00007ffff7a86c18 in LibRaw::identify (this=this@entry=0x7ffffff43250) at src/metadata/identify.cpp:1003
    #11 0x00007ffff7b43f9e in LibRaw::open_datastream (this=0x7ffffff43250, stream=0x55555576a230) at src/utils/open.cpp:390
    #12 0x00007ffff7b4c90d in LibRaw::open_buffer (this=0x7ffffff43250, buffer=0x555555769130, size=0xe1) at src/utils/open.cpp:153
    #13 0x000055555555534b in LLVMFuzzerTestOneInput (data=0x555555769130 "II*", size=0xe1) at runlibraw.c:35
    #14 0x0000555555554f0a in main (argc=argc@entry=0x2, argv=argv@entry=0x7fffffffe3c8) at runlibraw.c:100
    #15 0x00007ffff6f91b97 in __libc_start_main (main=0x555555554e00 <main(int, char**)>, argc=0x2, argv=0x7fffffffe3c8,
        init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe3b8) at ../csu/libc-start.c:310
    #16 0x000055555555502a in _start ()

CVE-2020-24889: buffer overflow · Issue #334 · LibRaw/LibRaw

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

CVE-2020-14393: DBI::Changes

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

'1869144?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-14362: Invalid Bug ID

'1869142?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-14361: Invalid Bug ID

Bitcoin Core 0.20.0 allows remote denial of service.

CVE-2020-14198: Common Vulnerabilities and Exposures - Bitcoin Wiki

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

CVE-2020-24394: #962254 - NFSv4.2: umask not applied on filesystem without ACL support

A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

'701799?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-16298: Invalid Bug ID

A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

'701800?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-16297: Invalid Bug ID

A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16296

A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

'701785?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

Tag

#buffer_overflow