IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service.  IBM X-Force ID:  267965.

CVE-2023-45167

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2023-5954

**HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability**

Moderate severity GitHub Reviewed Published Nov 9, 2023 to the GitHub Advisory Database • Updated Nov 10, 2023

**Package**

gomod github.com/hashicorp/vault (Go)

**Affected versions**

< 1.13.10

\>= 1.14.0, < 1.14.6

\>= 1.15.0, < 1.15.2

**Patched versions**

1.13.10

1.14.6

1.15.2

**Description**

Published to the GitHub Advisory Database

Nov 9, 2023

Last updated

Nov 10, 2023

GHSA-4qhc-v8r6-8vwm: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability

CVE-2023-5954: HCSEC-2023-33 - Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.

**Red Hat Product Security Center**

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

CVE-2023-39198: cve-details

It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion.

Thursday, November 9, 2023 14:11

I found the juxtaposition of stories on the Talos blog over the past week-plus kind of funny. 

On one hand, we had a massive story about Arid Viper, a Middle Eastern threat actor spreading spyware, one of the most dangerous types of malware out there right now, operating out of Gaza no less. 

Then, we had “Roblox,” a children’s video game (which I’ve written about multiple times and I maintain was the OG metaverse).  

The scale of these attacks is obviously vastly different. Spyware is being used across the globe to monitor some of the most vulnerable activists, journalists and government officials to track their physical movement.  

Meanwhile, “Roblox” players are losing money in a game where the characters look like vague LEGO minifigure knockoffs.  

And the blog homepage is just a perfect encapsulation of how cybersecurity means more than just blocking malware. It can mean teaching your children how to stay safe when they go online, how to properly lock down your login credentials and just being smart at spotting scams. 

But it can also have global implications in areas where there is a global military conflict, just like we’ve written about countless times in Ukraine. 

I would never call one security researcher’s work more “important” than another's — everyone in the security community works extremely hard to keep the internet safe, no matter what company you work for or what your area of expertise is. Tiago from our Outreach team who wrote about the “Roblox” scams has certainly done way more malware research beyond this. But it’s clear that the real-world implications of both these threats are very different. 

For me, the takeaway is just to leave room for all of this. It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion. But that doesn’t mean we can ignore the “small stuff” either because those problems are more likely to end up on our virtual front door. 

If I may continue to plug Talos’ work, we have a new video series launching today, too, under our Threat Spotlight banner. Each month, Decipher reporters and Talos researchers will team up to recap the top stories, malware and threats in the headlines. We’re excited about this new partnership with Decipher.

 **The one big thing **

Attackers are using a new tactic to get spam through their email inbox filters via Google Forms. Google Forms has a “quiz” option for their fields, and adversaries have found a workaround to send the “answers” to a quiz to targets, which are actually spam messages that appear to the user like they’re legitimate messages coming from Google. In one case, we found a deep cryptocurrency-related scam using this method, and other actors are just hoping to get the user to click on a malicious link that could lead to other scams or malware.  

**Why do I care? **

The average user is going to see a message from Google Forms, especially after they just filled out a Form, and assume it’s legitimate, so attackers are more likely to be successful using this method of delivering their spam compared to traditional email methods. Google Forms abuse has been present in spam attacks for several years, though our investigation showed that this particular feature of Google Forms quizzes was not very heavily abused to send spam until relatively recently. 

**So now what? **

As with all types of spam, follow the basic rule, “If it seems too good to be true, it probably is.” While there is no concrete method of blocking these comments and quiz results from coming through, if you’re using Google Forms, be weary of illegitimate messages making their way through. Look for things like misspellings, typos, or URLs that you don’t recognize.  

**Top security headlines of the week **

**A coalition of more than 40 international governments, including the European Union and Interpol, have agreed to not pay ransomware attackers’ extortion payments.** The commitment came from last week's U.S.-led Counter Ransomware Initiative meeting and applies to those countries’ government agencies. Private companies who operate in these nations are most often the targets of ransomware, however, but leaders hope the pledge will influence them to take the same stance. Whether to pay the ransom is often a tough decision for the private sector, which needs to balance the cost of keeping their network operations offline during recovery versus having their files returned as quickly as possible. However, there is never a guarantee that the ransomware actor will provide a decryption key as promised. Government officials hope that cutting off the flow of income to the threat actors will dry up their resources and discourage future attacks. (Axios, Reuters) 

**Atlassian elevated a recently disclosed vulnerability to the maximum severity rating after threat actors started exploiting it to deliver the Cerber ransomware.** CVE-2023-22518 is an improper authorization vulnerability in Confluence Data Center and Server, which first received a patch on Oct. 31. Adversaries can exploit this vulnerability on internet-facing Confluence servers by sending specially devised requests to setup-restore endpoints. Confluence accounts hosted in Atlassian’s cloud environment are not affected, according to the company. In its initial disclosure of CVE-2023-22518, Atlassian warned of “significant data loss if exploited” and said, “customers must take immediate action to protect their instances.” (SC Media, Ars Technica) 

**The Mozi botnet mysteriously has gone offline, and experts are unsure if the original creators are responsible.** Mozi was once a massive network that attackers used to carry out distributed denial-of-service (DDoS) attacks, data exfiltration and payload execution against internet-of-things (IoT) devices. Once one of the largest botnets in the world, it’s now essentially offline, according to security researchers. A kill switch seems to be the root cause, though it’s unclear if the operators did this on their own volition if they had their hand forced by law enforcement, or if another third party was involved. The kill switch code shares some code snippets with the original botnet, and whoever deployed it used the correct private keys to sign the payload. Botnets tend to still come back to life after reported takedowns, so there is no guarantee that Mozi is gone forever. (Dark Reading, The Register) 

**Can’t get enough Talos? **

*   Threat Roundup for Oct. 27 - Nov. 3 
*   Talos Takes Ep. #161 (XL Edition): The top incident response trends of Q3 
*   Cisco Talos researcher Nick Biasini on chasing APTs, mercenary hackers 
*   Cyber attackers are increasingly targeting web applications 

**Upcoming events where you can find Talos **

**Black Hat Middle East and Africa** **(Nov. 16)** 

_Riyadh, Saudi Arabia_ 

> _Rami Atalhi from Talos Incident Response will discuss how generative AI affects red and blue teams in cybersecurity. Discover how generative AI creates a bridge between these teams, fostering teamwork and innovative strategies. Real-world cases will demonstrate how generative AI drives success, providing insights for building resilient cybersecurity plans._ 

**misecCON** **(Nov. 17)** 

_Lansing, Michigan_ 

> _Terryn Valikodath from Talos Incident Response will deliver a talk providing advice on the best ways to conduct analysis, learning from his years of experience (and mishaps). He will speak about the everyday tasks he and his Talos IR teammates must go through to properly perform analysis. This talk covers topics such as planning, finding evil, recording findings, correlation and creating your own timelines._ 

**"Power of the Platform” by Cisco** **(Dec. 5 & 7)** 

_Virtual (Please note: This presentation will only be given in German)_ 

> _The annual IT event at the end of the year where Cisco experts, including Gergana Karadzhova-Dangela from Cisco Talos Incident Response, discuss the future-oriented topics in the implementation of digitalization together with you._  

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91**    
**MD5:** 7bdbd180c081fa63ca94f9c22c457376   
**Typical Filename:** c0dwjdi6a.dll   
**Claimed Product:** N/A    
**Detection Name:** Trojan.GenericKD.33515991 

**SHA 256:** bea312ccbc8a912d4322b45ea64d69bb3add4d818fd1eb7723260b11d76a138a   
**MD5:** 200206279107f4a2bb1832e3fcd7d64c   
**Typical Filename:** lsgkozfm.bat   
**Claimed Product:** N/A   
**Detection Name:** Win.Dropper.Scar::tpd 

**SHA 256:** 8664e2f59077c58ac12e747da09d2810fd5ca611f56c0c900578bf750cab56b7    
**MD5:** 0e4c49327e3be816022a233f844a5731    
**Typical Filename:** aact.exe    
**Claimed Product:** AAct x86    
**Detection Name:** PUA.Win.Tool.Kmsauto::in03.talos 

**SHA 256: 5e537dee6d7478cba56ebbcc7a695cae2609010a897d766ff578a4260c2ac9cf**   
**MD5:** 2cfc15cb15acc1ff2b2da65c790d7551   
**Typical Filename:** rcx4d83.tmp   
**Claimed Product:** N/A     
**Detection Name:** Win.Dropper.Pykspa::tpd 

**SHA 256:** 975517668a3fe020f1dbb1caafde7180fd9216dcbf0ea147675ec287287f86aa   
**MD5:** 9403425a34e0c78a919681a09e5c16da   
**Typical Filename:** vincpsarzh.exe   
**Claimed Product:** N/A   
**Detection Name:** Win.Dropper.Scar::tpd

A new video series, Google Forms spam and the various gray areas of cyber attacks

By Waqas
OpenAI and ChatGPT began experiencing service outages on November 8th, and the company is actively working to restore full service.
This is a post from HackRead.com Read the original post: ChatGPT Down? OpenAI Blames Outages on DDoS Attacks

Is your ChatGPT down? Are you experiencing issues with ChatGPT, such as connectivity problems or encountering a ‘Network error on long responses’? – ChatGPT has been under a series of DDoS attacks, apparently orchestrated by Anonymous Sudan.

OpenAI’s ChatGPT, a popular AI-powered chatbot, has been experiencing outages for the past 24 hours due to distributed denial-of-service (DDoS) attacks. The company confirmed the attacks in a statement on its status website, saying that it is working to mitigate the attacks and restore full service.

> _“We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack. We are continuing to work to mitigate this.“_
> 
> OpenAI on Nov 08, 2023 – 19:49 PST

According to OpenAI CEO Sam Altman, as of this week, ChatGPT now boasts 100 million weekly active users. While this places ChatGPT as the most popular platform on the internet, it also renders it a lucrative target for cybercriminals and hacktivists.

OpenAI has not yet said when it expects the ChatGPT outages to be fully resolved. However, the company has assured users that it is working to resolve the issue as quickly as possible.

ChatGPT’s status page as of Nov 09, 2023

The ChatGPT outages have had a significant impact on users of the service. Many users have been unable to access ChatGPT at all, while others have experienced intermittent outages.

DDoS attacks are a type of cyberattack in which an attacker sends a large number of requests to a website or server in order to overwhelm it and make it unavailable to legitimate users. In the case of ChatGPT, the attackers are flooding the service with more requests than it can handle, causing it to go down.

****Anonymous Sudan Claims Responsibility****

_Hackread.com_ can confirm that the responsibility for the attacks on OpenAI’s infrastructure has been claimed by Anonymous Sudan. The group shared various screenshots on its Telegram channel, depicting examples where OpenAI’s website and ChatGPT’s dashboard experienced downtime or displayed various errors and connectivity issues.

The group further elaborated on their motives for targeting OpenAI and ChatGPT, highlighting the reasons behind their DDoS attacks on one of the most popular platforms globally. In a Telegram post, they stated that as they are specifically targeting American companies, OpenAI, being an American company, is naturally among their prime targets.

The group additionally cited another major reason for targeting OpenAI, pointing to its association with the state of Israel, its investment plans in Israel, and the recent meeting between OpenAI’s CEO, Sam Altman, and the Israeli Prime Minister, Benjamin Netanyahu. Emphasizing their support for the Palestinians, the group mentioned this as a significant rationale behind targeting OpenAI and ChatGPT.

For your information, Anonymous Sudan is a group of hacktivists who claim to be affiliated with the Anonymous collective. However, cybersecurity experts have cast doubt on these claims, suggesting that Anonymous Sudan may be a front for other Russian hacktivist groups.

Anonymous Sudan first emerged in January 2023, when they launched a series of DDoS attacks against Swedish and Danish organizations in response to the far-right activist Rasmus Paludan. In February 2023, Anonymous Sudan also **DDoSed Swedish SAS Airlines**.

The group has since claimed responsibility for a number of other DDoS attacks, including attacks against X (formerly Twitter), Microsoft, and other Western targets.

If you are a user of ChatGPT, there is not much you can do to prevent DDoS attacks. However, you can check the OpenAI status page for updates on the situation and to see if the service is available. You can also try accessing ChatGPT at different times of day, as the attacks may not be continuous.

**_RELATED ARTICLES_**

1.  **Hackers Target Israeli Rocket Alert App Users with Spyware**
2.  **10 Top DDoS Attack Protection and Mitigation Companies in 2023**
3.  **Google, Cloudflare and AWS Disclose Largest DDoS Attack in History**
4.  **Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App**
5.  **Researchers Leverage ChatGPT to Expose Notorious macOS Malware**
6.  **WormGPT – Malicious ChatGPT Alternative Empowering Cybercriminals**

ChatGPT Down? OpenAI Blames Outages on DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be weaponized to launch massive DoS

Cyber Attack / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as **CVE-2023-29552** (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be weaponized to launch massive DoS amplification attacks.

It was disclosed by Bitsight and Curesec earlier this April.

"The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor," CISA said.

SLP is a protocol that allows systems on a local area network (LAN) to discover each other and establish communications.

The exact details surrounding the nature of exploitation of the flaw are currently unknown, but Bitsight previously warned that the shortcoming could be exploited to stage DoS with a high amplification factor.

"This extremely high amplification factor allows for an under-resourced threat actor to have a significant impact on a targeted network and/or server via a reflection DoS amplification attack," it said.

In light of real-world attacks employing the flaw, federal agencies are required to apply the necessary mitigations, including disabling the SLP service on systems running on untrusted networks, by November 29, 2023, to secure their networks against potential threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation


A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. 



**About Lenovo**

*   Our Company
*   News
*   Investor Relations
*   Sustainability
*   Product Compliance
*   Product Security
*   Lenovo Open Source
*   Legal Information
*   Jobs at Lenovo

**Shop**

*   Laptops & Ultrabooks
*   Tablets
*   Desktops & All-in-Ones
*   Workstations
*   Accessories & Software
*   Servers
*   Storage
*   Networking
*   Laptop Deals
*   Outlet

**Support**

*   Drivers & Software
*   How To's
*   Warranty Lookup
*   Parts Lookup
*   Contact Us
*   Repair Status Check
*   Imaging & Security Resources
*   Glossary

**Resources**

*   Where to Buy
*   Shopping Help
*   Track Order Status
*   Product Specifications (PSREF)
*   Forums
*   Registration
*   Product Accessibility
*   Environmental Information
*   Gaming Community
*   LenovoEDU Community
*   LenovoPRO Community

© Lenovo.  
| | | |

CVE-2023-4891: Lenovo View Denial of Service Vulnerability - Lenovo Support US

jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.

**heap-use-after-free in jbig2enc****Description**

jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc\_auto\_threshold\_using\_hash in src/jbig2enc.cc. This vulnerability can lead to a Denial of Service (DoS).

**ASAN Log**

./src/jbig2 -s -a -p Poc1jbig2enc

\=================================================================
==1464517==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000015470 at pc 0x555555560b51 bp 0x7fffffffdf70 sp 0x7fffffffdf60
READ of size 4 at 0x603000015470 thread T0
    #0 0x555555560b50 in remove\_templates /test2/jbig2enc/src/jbig2enc.cc:248
    #1 0x555555562efd in jbig2enc\_auto\_threshold\_using\_hash(jbig2ctx\*) /test2/jbig2enc/src/jbig2enc.cc:484
    #2 0x55555555f4f1 in main /test2/jbig2enc/src/jbig2.cc:492
    #3 0x7ffff6c1f082 in \_\_libc\_start\_main ../csu/libc-start.c:308
    #4 0x55555555bf4d in \_start (/test2/jbig2enc/src/jbig2+0x7f4d)

0x603000015470 is located 16 bytes inside of 24-byte region \[0x603000015460,0x603000015478)
freed by thread T0 here:
    #0 0x7ffff769251f in operator delete(void\*) ../../../../src/libsanitizer/asan/asan\_new\_delete.cc:165
    #1 0x55555557a4f5 in \_\_gnu\_cxx::new\_allocator<std::\_List\_node<int> >::deallocate(std::\_List\_node<int>\*, unsigned long) (/test2/jbig2enc/src/jbig2+0x264f5)
    #2 0x5555555778f3 in std::allocator\_traits<std::allocator<std::\_List\_node<int> > >::deallocate(std::allocator<std::\_List\_node<int> >&, std::\_List\_node<int>\*, unsigned long) (/test2/jbig2enc/src/jbig2+0x238f3)
    #3 0x555555571fc7 in std::\_\_cxx11::\_List\_base<int, std::allocator<int> >::\_M\_put\_node(std::\_List\_node<int>\*) (/test2/jbig2enc/src/jbig2+0x1dfc7)
    #4 0x55555556e28e in std::\_\_cxx11::list<int, std::allocator<int> >::\_M\_erase(std::\_List\_iterator<int>) (/test2/jbig2enc/src/jbig2+0x1a28e)
    #5 0x55555556c1f4 in std::\_\_cxx11::list<int, std::allocator<int> >::pop\_back() (/test2/jbig2enc/src/jbig2+0x181f4)
    #6 0x555555560ba2 in remove\_templates /test2/jbig2enc/src/jbig2enc.cc:251
    #7 0x555555562efd in jbig2enc\_auto\_threshold\_using\_hash(jbig2ctx\*) /test2/jbig2enc/src/jbig2enc.cc:484
    #8 0x55555555f4f1 in main /test2/jbig2enc/src/jbig2.cc:492
    #9 0x7ffff6c1f082 in \_\_libc\_start\_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    #0 0x7ffff7691587 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan\_new\_delete.cc:104
    #1 0x55555557b669 in \_\_gnu\_cxx::new\_allocator<std::\_List\_node<int> >::allocate(unsigned long, void const\*) (/test2/jbig2enc/src/jbig2+0x27669)
    #2 0x55555557a524 in std::allocator\_traits<std::allocator<std::\_List\_node<int> > >::allocate(std::allocator<std::\_List\_node<int> >&, unsigned long) (/test2/jbig2enc/src/jbig2+0x26524)
    #3 0x555555577918 in std::\_\_cxx11::\_List\_base<int, std::allocator<int> >::\_M\_get\_node() (/test2/jbig2enc/src/jbig2+0x23918)
    #4 0x55555557236d in std::\_List\_node<int>\* std::\_\_cxx11::list<int, std::allocator<int> >::\_M\_create\_node<int const&>(int const&) (/test2/jbig2enc/src/jbig2+0x1e36d)
    #5 0x55555556e99f in void std::\_\_cxx11::list<int, std::allocator<int> >::\_M\_insert<int const&>(std::\_List\_iterator<int>, int const&) (/test2/jbig2enc/src/jbig2+0x1a99f)
    #6 0x555555577cf2 in void std::\_\_cxx11::list<int, std::allocator<int> >::emplace\_back<int const&>(int const&) (/test2/jbig2enc/src/jbig2+0x23cf2)
    #7 0x5555555728f2 in void std::\_\_cxx11::list<int, std::allocator<int> >::\_M\_initialize\_dispatch<std::\_List\_const\_iterator<int> >(std::\_List\_const\_iterator<int>, std::\_List\_const\_iterator<int>, std::\_\_false\_type) (/test2/jbig2enc/src/jbig2+0x1e8f2)
    #8 0x55555556ebe7 in std::\_\_cxx11::list<int, std::allocator<int> >::list(std::\_\_cxx11::list<int, std::allocator<int> > const&) (/test2/jbig2enc/src/jbig2+0x1abe7)
    #9 0x55555556cbb6 in std::pair<unsigned int, std::\_\_cxx11::list<int, std::allocator<int> > >::pair<int&, std::\_\_cxx11::list<int, std::allocator<int> >&, true>(int&, std::\_\_cxx11::list<int, std::allocator<int> >&) (/test2/jbig2enc/src/jbig2+0x18bb6)
    #10 0x555555562cba in jbig2enc\_auto\_threshold\_using\_hash(jbig2ctx\*) /test2/jbig2enc/src/jbig2enc.cc:471
    #11 0x55555555f4f1 in main /test2/jbig2enc/src/jbig2.cc:492
    #12 0x7ffff6c1f082 in \_\_libc\_start\_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-use-after-free /test2/jbig2enc/src/jbig2enc.cc:248 in remove\_templates
Shadow bytes around the buggy address:
  0x0c067fffaa30: fa fa fd fd fd fa fa fa fd fd fd fa fa fa 00 00
  0x0c067fffaa40: 00 fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
  0x0c067fffaa50: fd fd fd fa fa fa 00 00 00 fa fa fa fd fd fd fa
  0x0c067fffaa60: fa fa fd fd fd fa fa fa fd fd fd fa fa fa 00 00
  0x0c067fffaa70: 00 fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
\=>0x0c067fffaa80: fd fd fd fa fa fa fd fd fd fa fa fa fd fd\[fd\]fa
  0x0c067fffaa90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fffaaa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fffaab0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fffaac0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fffaad0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
\==1464517\==ABORTING

**Reproduction**

git clone https://github.com/agl/jbig2enc.git
cd jbig2enc
apt install libleptonica-dev
./autogen.sh
CFLAGS="\-fsanitize=address -fno-omit-frame-pointer -g" CXXFLAGS=" -fsanitize=address -fno-omit-frame-pointer -g" ./configure --disable-shared
make -j24

./src/jbig2 -s -a -p Poc1jbig2enc

**PoC**

Poc1jbig2enc: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/Poc1jbig2enc

**Version**

root@38ad1e4b9d16:/test2/jbig2enc# ./src/jbig2 --version
jbig2enc 0.28

**Reference**

https://github.com/agl/jbig2enc

**Environment**

    ubuntu:20.04
    gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
    clang version 10.0.0-4ubuntu1
    afl-cc++4.09
    

**Credit**

Zeng Yunxiang

CVE-2023-46362: heap-use-after-free in jbig2enc via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.  · Issue #84 · agl/jbig2enc

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified.  Reported by Jason Geffner.  


**Trending at Perforce**

**Explore Our Products**

**

Enterprises Who Choose Perforce Solutions...

**

Background Image

Achieve ROI within a year.

Background Image

Achieve compliance certifications in record time.

Background Image

Go from three days to 35 minutes for testing.

Background Image

Gain a competitive edge.

Background Image

Avoid security breaches.

Background Image

Innovate and deploy without risk.

Background Image

Save 1,000s of development hours.

Background Image

Accelerate time-to-market regardless of size or complexity.

CUSTOMER REVIEWS

"It is really fast when comes to dealing with data and code. GUI is really simple and easy to use."

"Continues to deliver business value for our organization and delivers on ROI."

"Getting the strategy off the ground, Akana was the perfect partner."

**Over 75% of Fortune 100 Companies Use Perforce**

**

Solutions For Your Industry

**

**Game Development**

**Embedded Systems**

**Automotive**

**Healthcare**

**Government**

**Film & Animation**

**Semiconductor**

**Medical Devices**

**Financial Services**

**Software & Technology**

Solutions For Your Industry

**

Game Development

**

Game development software from Perforce helps you ship better games, fast. Learn how Perforce can accelerate workflows and help you conquer deadlines with version control + project management software.

Game Development

Game development software from Perforce helps you ship better games, fast. Learn how Perforce can accelerate workflows and help you conquer deadlines with version control + project management software.

**

Embedded Systems

**

Embedded developers working on software and hardware trust Perforce solutions to manage everything. This includes 9 of the top 10 semiconductor companies and 8 of the top 10 automotive companies.

Embedded Systems

Embedded developers working on software and hardware trust Perforce solutions to manage everything. This includes 9 of the top 10 semiconductor companies and 8 of the top 10 automotive companies.

**

Automotive

**

For every phase of development. Fit for OEMs and suppliers alike. Developing safe, secure, and reliable automotive software and hardware is difficult. But using the right development tools makes it easy.

Automotive

For every phase of development. Fit for OEMs and suppliers alike. Developing safe, secure, and reliable automotive software and hardware is difficult. But using the right development tools makes it easy.

**

Healthcare

**

Healthcare organizations face the daunting task of maintaining profitability while complying with regulatory mandates such as HIPAA, ICD-10, Meaningful Use Stage 1 and 2, and more.

Healthcare

Healthcare organizations face the daunting task of maintaining profitability while complying with regulatory mandates such as HIPAA, ICD-10, Meaningful Use Stage 1 and 2, and more.

**

Government

**

Many government organizations rely on Perforce for their diverse software development needs. Perforce provides highly secure solutions with complete traceability to help you mitigate risk.

Government

Many government organizations rely on Perforce for their diverse software development needs. Perforce provides highly secure solutions with complete traceability to help you mitigate risk.

**

Film & Animation

**

Computer graphics — which were once exclusively postproduction — are now being combined with onset footage in real time. With crews spread out, filmmakers need to harness a combination of software tools to build something new.

Film & Animation

Computer graphics — which were once exclusively postproduction — are now being combined with onset footage in real time. With crews spread out, filmmakers need to harness a combination of software tools to build something new.

**

Semiconductor

**

The complexity of system on chip (SoC) designs is outpacing the capabilities of engineering. That’s because of two trends:

1.  Increasing design complexity gives rise to increasing data size.
2.  Unforgiving market windows.

Semiconductor

The complexity of system on chip (SoC) designs is outpacing the capabilities of engineering. That’s because of two trends:

1.  Increasing design complexity gives rise to increasing data size.
2.  Unforgiving market windows.

**

Medical Devices

**

There are endless challenges in the medical device industry. The quality of software embedded in medical devices can mean the difference between life and death. And there is increasing scrutiny for both safety and security in devices.

Medical Devices

There are endless challenges in the medical device industry. The quality of software embedded in medical devices can mean the difference between life and death. And there is increasing scrutiny for both safety and security in devices.

**

Financial Services

**

Financial services firms need to comply with strict regulatory mandates. They also need to be profitable. And keep up with consumer expectations. And stay ahead of increasingly tech-savvy competitors.

Financial Services

Financial services firms need to comply with strict regulatory mandates. They also need to be profitable. And keep up with consumer expectations. And stay ahead of increasingly tech-savvy competitors.

**

Software & Technology

**

Enterprises face complex software development challenges today. You need to innovate to accelerate growth. Quality must be high to meet customer expectations. And you must deliver your product to market fast to beat the competition.

Software & Technology

Enterprises face complex software development challenges today. You need to innovate to accelerate growth. Quality must be high to meet customer expectations. And you must deliver your product to market fast to beat the competition.

Solutions For Your Industry

**

Game Development

**

Game development software from Perforce helps you ship better games, fast. Learn how Perforce can accelerate workflows and help you conquer deadlines with version control + project management software.

Game Development

Game development software from Perforce helps you ship better games, fast. Learn how Perforce can accelerate workflows and help you conquer deadlines with version control + project management software.

**

Embedded Systems

**

Embedded developers working on software and hardware trust Perforce solutions to manage everything. This includes 9 of the top 10 semiconductor companies and 8 of the top 10 automotive companies.

Embedded Systems

Embedded developers working on software and hardware trust Perforce solutions to manage everything. This includes 9 of the top 10 semiconductor companies and 8 of the top 10 automotive companies.

**

Automotive

**

For every phase of development. Fit for OEMs and suppliers alike. Developing safe, secure, and reliable automotive software and hardware is difficult. But using the right development tools makes it easy.

Automotive

For every phase of development. Fit for OEMs and suppliers alike. Developing safe, secure, and reliable automotive software and hardware is difficult. But using the right development tools makes it easy.

**

Healthcare

**

Healthcare organizations face the daunting task of maintaining profitability while complying with regulatory mandates such as HIPAA, ICD-10, Meaningful Use Stage 1 and 2, and more.

Healthcare

Healthcare organizations face the daunting task of maintaining profitability while complying with regulatory mandates such as HIPAA, ICD-10, Meaningful Use Stage 1 and 2, and more.

**

Government

**

Many government organizations rely on Perforce for their diverse software development needs. Perforce provides highly secure solutions with complete traceability to help you mitigate risk.

Government

Many government organizations rely on Perforce for their diverse software development needs. Perforce provides highly secure solutions with complete traceability to help you mitigate risk.

**

Film & Animation

**

Computer graphics — which were once exclusively postproduction — are now being combined with onset footage in real time. With crews spread out, filmmakers need to harness a combination of software tools to build something new.

Film & Animation

Computer graphics — which were once exclusively postproduction — are now being combined with onset footage in real time. With crews spread out, filmmakers need to harness a combination of software tools to build something new.

**

Semiconductor

**

The complexity of system on chip (SoC) designs is outpacing the capabilities of engineering. That’s because of two trends:

1.  Increasing design complexity gives rise to increasing data size.
2.  Unforgiving market windows.

Semiconductor

The complexity of system on chip (SoC) designs is outpacing the capabilities of engineering. That’s because of two trends:

1.  Increasing design complexity gives rise to increasing data size.
2.  Unforgiving market windows.

**

Medical Devices

**

There are endless challenges in the medical device industry. The quality of software embedded in medical devices can mean the difference between life and death. And there is increasing scrutiny for both safety and security in devices.

Medical Devices

There are endless challenges in the medical device industry. The quality of software embedded in medical devices can mean the difference between life and death. And there is increasing scrutiny for both safety and security in devices.

**

Financial Services

**

Financial services firms need to comply with strict regulatory mandates. They also need to be profitable. And keep up with consumer expectations. And stay ahead of increasingly tech-savvy competitors.

Financial Services

Financial services firms need to comply with strict regulatory mandates. They also need to be profitable. And keep up with consumer expectations. And stay ahead of increasingly tech-savvy competitors.

**

Software & Technology

**

Enterprises face complex software development challenges today. You need to innovate to accelerate growth. Quality must be high to meet customer expectations. And you must deliver your product to market fast to beat the competition.

Software & Technology

Enterprises face complex software development challenges today. You need to innovate to accelerate growth. Quality must be high to meet customer expectations. And you must deliver your product to market fast to beat the competition.

“I don’t know how we could do the kind of designs and the innovation we do without Perforce. Perforce has been critical to our success.”

Doug Quist

Director of IT and Engineering

“Device management was a huge benefit of the solution. We want to test on the actual devices customers are using. We are simply unwilling to put customers at risk.”

Sharon Chamberlain

Test Automation Manager

"Perforce has been key to us achieving DevOps."

Way Christiansen

Senior Staff Engineer

**When Failure Is Not an Option, You Need the Power of Perforce**

Perforce Software delivers solutions across DevOps designed to help you increase your competitive advantage by addressing quality, security, compliance, collaboration, and speed — across the technology lifecycle.Contact us to learn more about how our solutions can help you accelerate digital transformation, innovate at scale, and achieve DevOps success.

CONTACT USVIEW ALL PRODUCTS

**Sharpen Your Skills, Accelerate Your Teams**

Join upcoming events and webinars with industry-leading experts on how to conquer challenges and drive innovation.

November 10-11, 2023

**ICCAD 2023**

ICCAD 2023

Trade Show

November 12-17, 2023

**SC23**

The international conference for high performance computing, networking, storage, and analysis.

Trade Show

December 4-8, 2023

**Embedded Software Engineering Kongress 2023**

ESE Kongress is Germany’s leading congress for the embedded software industry. Every December, about 1,200 professionals get together to catch up on current technologies and methods, to discuss trends and to set the course for the future.

On the Road

**Award-Winning Innovation: That’s the Power of Perforce**

**SD Times Top 100, Best in Show: Development Tools**

Perforce Software, 2020

**EY Entrepreneur of the Year Heartland Award Winner**

CEO Mark Ties, 2020

**North American Software Testing & QE Awards Finalist**

Perfecto, 2020

**CEDEC Award for Engineering Winner**

Helix Core, 2019

**Get the Power of Perforce Today**

Learn more about how our solutions will help you innovate at scale, achieve higher quality, strengthen security, and accelerate velocity.

**Free Trials**

Get started with a free trial of one of our solutions.

**About Perforce**

Learn more about Perforce solutions for DevOps at scale.

Tag

#dos