gitimages.expertflow.com/cim/conversation-controller:4.1 (debian 11.4) ====================================================================== Total: 2768 (UNKNOWN: 9, LOW: 836, MEDIUM: 1144, HIGH: 729, CRITICAL: 50) +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | apt | CVE-2011-3374 | LOW | 2.2.4 | | It was found that apt-key in apt, | | | | | | | all versions, do not correctly... | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | bash | CVE-2022-3715 | HIGH | 5.1-2+deb11u1 | | bash: a heap-buffer-overflow | | | | | | | in valid_parameter_transform | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3715 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | TEMP-0841856-B18BAF | LOW | | | [Privilege escalation possible to other user than root] | | | | | | | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF | +------------------------------+---------------------+ +-------------------------+------------------------------+--------------------------------------------------------------------+ | binutils | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | | | | | | | symbol demangler routine in libiberty | | | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-18483 | | | | binutils: Integer overflow | | | | | | | in cplus-dem.c:get_count() | | | | | | | allows for denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20673 | | | | libiberty: Integer overflow in | | | | | | | demangle_template() function | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20712 | | | | libiberty: heap-based buffer | | | | | | | over-read in d_expression_1 | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-9996 | | | | binutils: Stack-overflow in | | | | | | | libiberty/cplus-dem.c causes crash | | | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | | | | | | | Signed/Unsigned Comparison, | | | | | | | Out-of-bounds Read in gold/fileread.cc | | | | | | | and elfcpp/elfcpp_file.h... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-19726 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() in bfd/libbfd.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-19726 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | | | | | | | in bfd_getl_signed_32() in libbfd.c | | | | | | | because sh_entsize is not... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20197 | | | | binutils: Race window allows | | | | | | | users to own arbitrary files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20284 | | | | binutils: Heap-based | | | | | | | buffer overflow in | | | | | | | _bfd_elf_slurp_secondary_reloc_section | | | | | | | in elf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-32256 | | | | binutils: stack-overflow issue in | | | | | | | demangle_type in rust-demangle.c. | | | | | | | -->avd.aquasec.com/nvd/cve-2021-32256 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | | | | | | | demangle_path() in rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3549 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | avr_elf32_load_records_from_section() | | | | | | | via large section parameter | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3826 | | | | libiberty: Heap/stack buffer | | | | | | | overflow in the dlang_lname | | | | | | | function in d-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3826 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-45078 | | | | binutils: out-of-bounds write in | | | | | | | stab_xcoff_builtin_type() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-45078 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46174 | | | | binutils: heap-based buffer | | | | | | | overflow in bfd_getl32() | | | | | | | in libbfd.c via objdump | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46174 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46195 | | | | gcc: uncontrolled recursion | | | | | | | in libiberty/rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46195 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35205 | | | | binutils: reachable assertion in | | | | | | | display_debug_names() in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35205 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35206 | | | | binutils: NULL pointer dereference | | | | | | | in read_and_display_attr_value() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35206 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-38533 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() when called by | | | | | | | strip_main() in objcopy.c... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-38533 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-4285 | | | | binutils: NULL | | | | | | | pointer dereference in | | | | | | | _bfd_elf_get_symbol_version_string | | | | | | | leads to segfault | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4285 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44840 | | | | binutils: heap-based buffer overflow | | | | | | | in find_section_in_set() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44840 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-45703 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | display_debug_section() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45703 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47007 | | | | binutils: memory leak in | | | | | | | stab_demangle_v3_arg() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47007 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47008 | | | | binutils: memory leak | | | | | | | in make_tempdir() and | | | | | | | make_tempname() in bucomm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47008 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47010 | | | | binutils: memory leak in | | | | | | | pr_function_type() in prdbg.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47010 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47011 | | | | binutils: memory leak in | | | | | | | parse_stab_struct_fields() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47011 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47673 | | | | binutils: out-of-bounds | | | | | | | read in parse_module() in | | | | | | | bfd/vms-alpha.c via addr2line | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47695 | | | | binutils: uninitialized field in | | | | | | | bfd_mach_o_get_synthetic_symtab() | | | | | | | in match-o.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47695 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47696 | | | | binutils: segmentation fault in | | | | | | | compare_symbols() in objdump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47696 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48063 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | load_separate_debug_files() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48063 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48064 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | _bfd_dwarf2_find_nearest_line_with_alt() | | | | | | | in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48064 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48065 | | | | binutils: memory leak in | | | | | | | find_abstract_instance() in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48065 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1579 | | | | binutils: Heap-buffer-overflow | | | | | | | binutils-gdb/bfd/libbfd.c | | | | | | | in bfd_getl64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1579 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1972 | | | | binutils: Illegal memory access when | | | | | | | accessing a zer0-lengthverdef table | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1972 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25584 | | | | binutils: Out of bounds | | | | | | | read in parse_module | | | | | | | function in bfd/vms-alpha.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25584 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25585 | | | | binutils: Field `file_table` | | | | | | | of `struct module | | | | | | | *module` is uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25585 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25586 | | | | binutils: Local variable | | | | | | | `ch_type` in function | | | | | | | `bfd_init_section_decompress_status` | | | | | | | can be uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25586 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25588 | | | | binutils: Field | | | | | | | `the_bfd` of `asymbol` is | | | | | | | uninitialized in function | | | | | | | `bfd_mach_o_get_synthetic_symtab` | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25588 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | binutils-common | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | | | | | | | symbol demangler routine in libiberty | | | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-18483 | | | | binutils: Integer overflow | | | | | | | in cplus-dem.c:get_count() | | | | | | | allows for denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20673 | | | | libiberty: Integer overflow in | | | | | | | demangle_template() function | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20712 | | | | libiberty: heap-based buffer | | | | | | | over-read in d_expression_1 | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-9996 | | | | binutils: Stack-overflow in | | | | | | | libiberty/cplus-dem.c causes crash | | | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | | | | | | | Signed/Unsigned Comparison, | | | | | | | Out-of-bounds Read in gold/fileread.cc | | | | | | | and elfcpp/elfcpp_file.h... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-19726 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() in bfd/libbfd.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-19726 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | | | | | | | in bfd_getl_signed_32() in libbfd.c | | | | | | | because sh_entsize is not... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20197 | | | | binutils: Race window allows | | | | | | | users to own arbitrary files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20284 | | | | binutils: Heap-based | | | | | | | buffer overflow in | | | | | | | _bfd_elf_slurp_secondary_reloc_section | | | | | | | in elf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-32256 | | | | binutils: stack-overflow issue in | | | | | | | demangle_type in rust-demangle.c. | | | | | | | -->avd.aquasec.com/nvd/cve-2021-32256 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | | | | | | | demangle_path() in rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3549 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | avr_elf32_load_records_from_section() | | | | | | | via large section parameter | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3826 | | | | libiberty: Heap/stack buffer | | | | | | | overflow in the dlang_lname | | | | | | | function in d-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3826 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-45078 | | | | binutils: out-of-bounds write in | | | | | | | stab_xcoff_builtin_type() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-45078 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46174 | | | | binutils: heap-based buffer | | | | | | | overflow in bfd_getl32() | | | | | | | in libbfd.c via objdump | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46174 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46195 | | | | gcc: uncontrolled recursion | | | | | | | in libiberty/rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46195 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35205 | | | | binutils: reachable assertion in | | | | | | | display_debug_names() in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35205 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35206 | | | | binutils: NULL pointer dereference | | | | | | | in read_and_display_attr_value() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35206 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-38533 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() when called by | | | | | | | strip_main() in objcopy.c... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-38533 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-4285 | | | | binutils: NULL | | | | | | | pointer dereference in | | | | | | | _bfd_elf_get_symbol_version_string | | | | | | | leads to segfault | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4285 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44840 | | | | binutils: heap-based buffer overflow | | | | | | | in find_section_in_set() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44840 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-45703 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | display_debug_section() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45703 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47007 | | | | binutils: memory leak in | | | | | | | stab_demangle_v3_arg() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47007 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47008 | | | | binutils: memory leak | | | | | | | in make_tempdir() and | | | | | | | make_tempname() in bucomm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47008 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47010 | | | | binutils: memory leak in | | | | | | | pr_function_type() in prdbg.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47010 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47011 | | | | binutils: memory leak in | | | | | | | parse_stab_struct_fields() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47011 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47673 | | | | binutils: out-of-bounds | | | | | | | read in parse_module() in | | | | | | | bfd/vms-alpha.c via addr2line | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47695 | | | | binutils: uninitialized field in | | | | | | | bfd_mach_o_get_synthetic_symtab() | | | | | | | in match-o.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47695 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47696 | | | | binutils: segmentation fault in | | | | | | | compare_symbols() in objdump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47696 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48063 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | load_separate_debug_files() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48063 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48064 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | _bfd_dwarf2_find_nearest_line_with_alt() | | | | | | | in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48064 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48065 | | | | binutils: memory leak in | | | | | | | find_abstract_instance() in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48065 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1579 | | | | binutils: Heap-buffer-overflow | | | | | | | binutils-gdb/bfd/libbfd.c | | | | | | | in bfd_getl64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1579 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1972 | | | | binutils: Illegal memory access when | | | | | | | accessing a zer0-lengthverdef table | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1972 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25584 | | | | binutils: Out of bounds | | | | | | | read in parse_module | | | | | | | function in bfd/vms-alpha.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25584 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25585 | | | | binutils: Field `file_table` | | | | | | | of `struct module | | | | | | | *module` is uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25585 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25586 | | | | binutils: Local variable | | | | | | | `ch_type` in function | | | | | | | `bfd_init_section_decompress_status` | | | | | | | can be uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25586 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25588 | | | | binutils: Field | | | | | | | `the_bfd` of `asymbol` is | | | | | | | uninitialized in function | | | | | | | `bfd_mach_o_get_synthetic_symtab` | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25588 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | binutils-x86-64-linux-gnu | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | | | | | | | symbol demangler routine in libiberty | | | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-18483 | | | | binutils: Integer overflow | | | | | | | in cplus-dem.c:get_count() | | | | | | | allows for denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20673 | | | | libiberty: Integer overflow in | | | | | | | demangle_template() function | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20712 | | | | libiberty: heap-based buffer | | | | | | | over-read in d_expression_1 | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-9996 | | | | binutils: Stack-overflow in | | | | | | | libiberty/cplus-dem.c causes crash | | | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | | | | | | | Signed/Unsigned Comparison, | | | | | | | Out-of-bounds Read in gold/fileread.cc | | | | | | | and elfcpp/elfcpp_file.h... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-19726 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() in bfd/libbfd.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-19726 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | | | | | | | in bfd_getl_signed_32() in libbfd.c | | | | | | | because sh_entsize is not... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20197 | | | | binutils: Race window allows | | | | | | | users to own arbitrary files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20284 | | | | binutils: Heap-based | | | | | | | buffer overflow in | | | | | | | _bfd_elf_slurp_secondary_reloc_section | | | | | | | in elf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-32256 | | | | binutils: stack-overflow issue in | | | | | | | demangle_type in rust-demangle.c. | | | | | | | -->avd.aquasec.com/nvd/cve-2021-32256 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | | | | | | | demangle_path() in rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3549 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | avr_elf32_load_records_from_section() | | | | | | | via large section parameter | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3826 | | | | libiberty: Heap/stack buffer | | | | | | | overflow in the dlang_lname | | | | | | | function in d-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3826 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-45078 | | | | binutils: out-of-bounds write in | | | | | | | stab_xcoff_builtin_type() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-45078 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46174 | | | | binutils: heap-based buffer | | | | | | | overflow in bfd_getl32() | | | | | | | in libbfd.c via objdump | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46174 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46195 | | | | gcc: uncontrolled recursion | | | | | | | in libiberty/rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46195 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35205 | | | | binutils: reachable assertion in | | | | | | | display_debug_names() in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35205 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35206 | | | | binutils: NULL pointer dereference | | | | | | | in read_and_display_attr_value() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35206 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-38533 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() when called by | | | | | | | strip_main() in objcopy.c... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-38533 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-4285 | | | | binutils: NULL | | | | | | | pointer dereference in | | | | | | | _bfd_elf_get_symbol_version_string | | | | | | | leads to segfault | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4285 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44840 | | | | binutils: heap-based buffer overflow | | | | | | | in find_section_in_set() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44840 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-45703 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | display_debug_section() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45703 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47007 | | | | binutils: memory leak in | | | | | | | stab_demangle_v3_arg() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47007 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47008 | | | | binutils: memory leak | | | | | | | in make_tempdir() and | | | | | | | make_tempname() in bucomm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47008 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47010 | | | | binutils: memory leak in | | | | | | | pr_function_type() in prdbg.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47010 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47011 | | | | binutils: memory leak in | | | | | | | parse_stab_struct_fields() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47011 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47673 | | | | binutils: out-of-bounds | | | | | | | read in parse_module() in | | | | | | | bfd/vms-alpha.c via addr2line | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47695 | | | | binutils: uninitialized field in | | | | | | | bfd_mach_o_get_synthetic_symtab() | | | | | | | in match-o.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47695 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47696 | | | | binutils: segmentation fault in | | | | | | | compare_symbols() in objdump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47696 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48063 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | load_separate_debug_files() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48063 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48064 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | _bfd_dwarf2_find_nearest_line_with_alt() | | | | | | | in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48064 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48065 | | | | binutils: memory leak in | | | | | | | find_abstract_instance() in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48065 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1579 | | | | binutils: Heap-buffer-overflow | | | | | | | binutils-gdb/bfd/libbfd.c | | | | | | | in bfd_getl64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1579 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1972 | | | | binutils: Illegal memory access when | | | | | | | accessing a zer0-lengthverdef table | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1972 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25584 | | | | binutils: Out of bounds | | | | | | | read in parse_module | | | | | | | function in bfd/vms-alpha.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25584 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25585 | | | | binutils: Field `file_table` | | | | | | | of `struct module | | | | | | | *module` is uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25585 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25586 | | | | binutils: Local variable | | | | | | | `ch_type` in function | | | | | | | `bfd_init_section_decompress_status` | | | | | | | can be uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25586 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25588 | | | | binutils: Field | | | | | | | `the_bfd` of `asymbol` is | | | | | | | uninitialized in function | | | | | | | `bfd_mach_o_get_synthetic_symtab` | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25588 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | bsdutils | CVE-2024-28085 | HIGH | 2.36.1-8+deb11u1 | 2.36.1-8+deb11u2 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-0563 | LOW | | | util-linux: partial disclosure | | | | | | | of arbitrary files in chfn | | | | | | | and chsh when compiled... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-0563 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | comerr-dev | CVE-2022-1304 | HIGH | 1.46.2-2 | | e2fsprogs: out-of-bounds | | | | | | | read/write via crafted filesystem | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1304 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | coreutils | CVE-2016-2781 | LOW | 8.32-4 | | coreutils: Non-privileged | | | | | | | session can escape to the | | | | | | | parent session in chroot | | | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-18018 | | | | coreutils: race condition | | | | | | | vulnerability in chown and chgrp | | | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | cpp-10 | CVE-2023-4039 | MEDIUM | 10.2.1-6 | | gcc: -fstack-protector | | | | | | | fails to guard dynamic | | | | | | | stack allocations on ARM64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4039 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | curl | CVE-2022-32221 | CRITICAL | 7.74.0-1.3+deb11u2 | 7.74.0-1.3+deb11u5 | curl: POST following PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32221 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23914 | | | | curl: HSTS ignored | | | | | | | on multiple requests | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23914 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-38545 | | | 7.74.0-1.3+deb11u10 | curl: heap based buffer overflow | | | | | | | in the SOCKS5 proxy handshake | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38545 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-42916 | HIGH | | | curl: HSTS bypass via IDN | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42916 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-43551 | | | | curl: HSTS bypass via IDN | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43551 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-27533 | | | 7.74.0-1.3+deb11u8 | curl: TELNET option IAC injection | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27533 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27534 | | | | curl: SFTP path ~ | | | | | | | resolving discrepancy | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27534 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2398 | | | | curl: HTTP/2 push | | | | | | | headers memory-leak | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2398 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-43552 | MEDIUM | | 7.74.0-1.3+deb11u5 | curl: Use-after-free triggered | | | | | | | by an HTTP proxy deny response | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43552 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23915 | | | | curl: HSTS amnesia with --parallel | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23915 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23916 | | | 7.74.0-1.3+deb11u7 | curl: HTTP multi-header | | | | | | | compression denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23916 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-27535 | | | 7.74.0-1.3+deb11u8 | curl: FTP too eager connection reuse | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27535 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27536 | | | | curl: GSS delegation too | | | | | | | eager connection re-use | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27536 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27538 | | | | curl: SSH connection | | | | | | | too eager reuse still | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27538 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28321 | | | 7.74.0-1.3+deb11u9 | curl: IDN wildcard match may lead | | | | | | | to Improper Cerificate Validation | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28321 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-46218 | | | 7.74.0-1.3+deb11u11 | curl: information disclosure | | | | | | | by exploiting a mixed case flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46218 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-46219 | | | | curl: excessively long file name | | | | | | | may lead to unknown HSTS status | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46219 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-22922 | LOW | | | curl: Content not matching hash | | | | | | | in Metalink is not being discarded | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-22923 | | | | curl: Metalink download | | | | | | | sends credentials | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35252 | | | 7.74.0-1.3+deb11u3 | curl: Incorrect handling of | | | | | | | control code characters in cookies | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35252 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28320 | | | | curl: siglongjmp race | | | | | | | condition may lead to crash | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28320 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28322 | | | 7.74.0-1.3+deb11u9 | curl: more POST-after-PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28322 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-38546 | | | 7.74.0-1.3+deb11u10 | curl: cookie injection with none file | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38546 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2379 | | | | curl: QUIC certificate | | | | | | | check bypass with wolfSSL | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2379 | +------------------------------+---------------------+ +-------------------------+------------------------------+--------------------------------------------------------------------+ | dirmngr | CVE-2022-3219 | | 2.2.27-2+deb11u2 | | gnupg: denial of service | | | | | | | issue (resource consumption) | | | | | | | using compressed packets | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3219 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | e2fsprogs | CVE-2022-1304 | HIGH | 1.46.2-2 | | e2fsprogs: out-of-bounds | | | | | | | read/write via crafted filesystem | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1304 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | file | CVE-2022-48554 | MEDIUM | 1:5.39-3 | 1:5.39-3+deb11u1 | file: stack-based buffer over-read | | | | | | | in file_copystr in funcs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48554 | +------------------------------+---------------------+ +-------------------------+------------------------------+--------------------------------------------------------------------+ | g++-10 | CVE-2023-4039 | | 10.2.1-6 | | gcc: -fstack-protector | | | | | | | fails to guard dynamic | | | | | | | stack allocations on ARM64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4039 | +------------------------------+ + + +------------------------------+ + | gcc-10 | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | gcc-10-base | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + +-------------------------+------------------------------+ + | gcc-9-base | | | 9.3.0-22 | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | gir1.2-gdkpixbuf-2.0 | CVE-2021-44648 | HIGH | 2.42.2+dfsg-1 | 2.42.2+dfsg-1+deb11u1 | gdk-pixbuf: heap-buffer overflow | | | | | | | when decoding the lzw compressed | | | | | | | stream of image data... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44648 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-46829 | | | | gdk-pixbuf: heap-based buffer | | | | | | | overflow when compositing or | | | | | | | clearing frames in GIF files... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46829 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48622 | | | | gnome: heap memory | | | | | | | corruption on gdk-pixbuf | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48622 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | gir1.2-rsvg-2.0 | CVE-2023-38633 | MEDIUM | 2.50.3+dfsg-1 | 2.50.3+dfsg-1+deb11u1 | librsvg: Arbitrary file read when | | | | | | | xinclude href has special characters | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38633 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | git | CVE-2022-23521 | CRITICAL | 1:2.30.2-1 | 1:2.30.2-1+deb11u1 | git: gitattributes | | | | | | | parsing integer overflow | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23521 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-41903 | | | | git: Heap overflow in `git archive`, | | | | | | | `git log --format` leading to RCE... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41903 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2022-24765 | HIGH | | | git: On multi-user machines | | | | | | | Git users might find | | | | | | | themselves unexpectedly in a... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-24765 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-29187 | | | | git: Bypass of | | | | | | | safe.directory protections | | | | | | | -->avd.aquasec.com/nvd/cve-2022-29187 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-39260 | | | | git: git shell function that | | | | | | | splits command arguments | | | | | | | can lead to arbitrary... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-39260 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23946 | | | 1:2.30.2-1+deb11u2 | git: git apply: a path outside the | | | | | | | working tree can be overwritten... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23946 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25652 | | | | git: by feeding specially | | | | | | | crafted input to `git | | | | | | | apply --reject`, a path... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25652 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-29007 | | | | git: arbitrary configuration | | | | | | | injection when renaming or | | | | | | | deleting a section from a... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29007 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-39253 | MEDIUM | | 1:2.30.2-1+deb11u1 | git: exposure of sensitive | | | | | | | information to a malicious actor | | | | | | | -->avd.aquasec.com/nvd/cve-2022-39253 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-22490 | | | 1:2.30.2-1+deb11u2 | git: data exfiltration with | | | | | | | maliciously crafted repository | | | | | | | -->avd.aquasec.com/nvd/cve-2023-22490 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-1000021 | LOW | | | git: client prints server-sent | | | | | | | ANSI escape codes to the | | | | | | | terminal, allowing for... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-1000021 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-24975 | | | | git: The --mirror option | | | | | | | for git leaks secret for | | | | | | | deleted content, aka... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-24975 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25815 | | | | git: malicious placement of | | | | | | | crafted messages when git | | | | | | | was compiled with runtime... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25815 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | git-man | CVE-2022-23521 | CRITICAL | | 1:2.30.2-1+deb11u1 | git: gitattributes | | | | | | | parsing integer overflow | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23521 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-41903 | | | | git: Heap overflow in `git archive`, | | | | | | | `git log --format` leading to RCE... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41903 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2022-24765 | HIGH | | | git: On multi-user machines | | | | | | | Git users might find | | | | | | | themselves unexpectedly in a... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-24765 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-29187 | | | | git: Bypass of | | | | | | | safe.directory protections | | | | | | | -->avd.aquasec.com/nvd/cve-2022-29187 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-39260 | | | | git: git shell function that | | | | | | | splits command arguments | | | | | | | can lead to arbitrary... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-39260 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23946 | | | 1:2.30.2-1+deb11u2 | git: git apply: a path outside the | | | | | | | working tree can be overwritten... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23946 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25652 | | | | git: by feeding specially | | | | | | | crafted input to `git | | | | | | | apply --reject`, a path... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25652 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-29007 | | | | git: arbitrary configuration | | | | | | | injection when renaming or | | | | | | | deleting a section from a... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29007 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-39253 | MEDIUM | | 1:2.30.2-1+deb11u1 | git: exposure of sensitive | | | | | | | information to a malicious actor | | | | | | | -->avd.aquasec.com/nvd/cve-2022-39253 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-22490 | | | 1:2.30.2-1+deb11u2 | git: data exfiltration with | | | | | | | maliciously crafted repository | | | | | | | -->avd.aquasec.com/nvd/cve-2023-22490 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-1000021 | LOW | | | git: client prints server-sent | | | | | | | ANSI escape codes to the | | | | | | | terminal, allowing for... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-1000021 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-24975 | | | | git: The --mirror option | | | | | | | for git leaks secret for | | | | | | | deleted content, aka... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-24975 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25815 | | | | git: malicious placement of | | | | | | | crafted messages when git | | | | | | | was compiled with runtime... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25815 | +------------------------------+---------------------+ +-------------------------+------------------------------+--------------------------------------------------------------------+ | gnupg | CVE-2022-3219 | | 2.2.27-2+deb11u2 | | gnupg: denial of service | | | | | | | issue (resource consumption) | | | | | | | using compressed packets | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3219 | +------------------------------+ + + +------------------------------+ + | gnupg-l10n | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | gnupg-utils | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | gpg | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | gpg-agent | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | gpg-wks-client | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | gpg-wks-server | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | gpgconf | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | gpgsm | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | gpgv | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | imagemagick | CVE-2021-20309 | HIGH | 8:6.9.11.60+dfsg-1.3 | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | imagemagick-6-common | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | imagemagick-6.q16 | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | krb5-multidev | CVE-2022-42898 | HIGH | 1.18.3-6+deb11u1 | 1.18.3-6+deb11u3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-36054 | MEDIUM | | 1.18.3-6+deb11u4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-5709 | LOW | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libaom0 | CVE-2021-30473 | CRITICAL | 1.0.0.errata1-3 | 1.0.0.errata1-3+deb11u1 | aom_image.c in libaom in | | | | | | | AOMedia before 2021-04-07 | | | | | | | frees memory that i ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-30473 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-30474 | | | | aom_dsp/grain_table.c in | | | | | | | libaom in AOMedia before | | | | | | | 2021-03-30 has a use ... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-30474 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-30475 | | | | aom_dsp/noise_model.c in | | | | | | | libaom in AOMedia before | | | | | | | 2021-03-24 has a buf ... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-30475 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-6879 | | | | aom: heap-buffer-overflow | | | | | | | on frame size change | | | | | | | -->avd.aquasec.com/nvd/cve-2023-6879 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-0478 | HIGH | | | In extend_frame_lowbd of | | | | | | | restoration.c, there is a | | | | | | | possible out of bou ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-0478 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-36131 | | | 1.0.0.errata1-3+deb11u1 | AOM v2.0.1 was discovered to contain | | | | | | | a stack buffer overflow via the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36131 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-36133 | | | | AOM v2.0.1 was discovered to contain | | | | | | | a global buffer overflow via the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36133 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2020-36130 | MEDIUM | | | AOM v2.0.1 was discovered to contain | | | | | | | a NULL pointer dereference via th... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36130 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-36135 | | | | AOM v2.0.1 was discovered to contain | | | | | | | a NULL pointer dereference via th... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36135 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libapr1 | CVE-2022-24963 | CRITICAL | 1.7.0-6+deb11u1 | 1.7.0-6+deb11u2 | apr: integer overflow/wraparound | | | | | | | in apr_encode | | | | | | | -->avd.aquasec.com/nvd/cve-2022-24963 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libaprutil1 | CVE-2022-25147 | MEDIUM | 1.6.1-5 | 1.6.1-5+deb11u1 | apr-util: out-of-bounds | | | | | | | writes in the apr_base64 | | | | | | | -->avd.aquasec.com/nvd/cve-2022-25147 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libapt-pkg6.0 | CVE-2011-3374 | LOW | 2.2.4 | | It was found that apt-key in apt, | | | | | | | all versions, do not correctly... | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libasan6 | CVE-2023-4039 | MEDIUM | 10.2.1-6 | | gcc: -fstack-protector | | | | | | | fails to guard dynamic | | | | | | | stack allocations on ARM64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4039 | +------------------------------+ + + +------------------------------+ + | libatomic1 | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libbinutils | CVE-2017-13716 | LOW | 2.35.2-2 | | binutils: Memory leak with the C++ | | | | | | | symbol demangler routine in libiberty | | | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-18483 | | | | binutils: Integer overflow | | | | | | | in cplus-dem.c:get_count() | | | | | | | allows for denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20673 | | | | libiberty: Integer overflow in | | | | | | | demangle_template() function | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20712 | | | | libiberty: heap-based buffer | | | | | | | over-read in d_expression_1 | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-9996 | | | | binutils: Stack-overflow in | | | | | | | libiberty/cplus-dem.c causes crash | | | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | | | | | | | Signed/Unsigned Comparison, | | | | | | | Out-of-bounds Read in gold/fileread.cc | | | | | | | and elfcpp/elfcpp_file.h... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-19726 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() in bfd/libbfd.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-19726 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | | | | | | | in bfd_getl_signed_32() in libbfd.c | | | | | | | because sh_entsize is not... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20197 | | | | binutils: Race window allows | | | | | | | users to own arbitrary files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20284 | | | | binutils: Heap-based | | | | | | | buffer overflow in | | | | | | | _bfd_elf_slurp_secondary_reloc_section | | | | | | | in elf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-32256 | | | | binutils: stack-overflow issue in | | | | | | | demangle_type in rust-demangle.c. | | | | | | | -->avd.aquasec.com/nvd/cve-2021-32256 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | | | | | | | demangle_path() in rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3549 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | avr_elf32_load_records_from_section() | | | | | | | via large section parameter | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3826 | | | | libiberty: Heap/stack buffer | | | | | | | overflow in the dlang_lname | | | | | | | function in d-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3826 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-45078 | | | | binutils: out-of-bounds write in | | | | | | | stab_xcoff_builtin_type() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-45078 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46174 | | | | binutils: heap-based buffer | | | | | | | overflow in bfd_getl32() | | | | | | | in libbfd.c via objdump | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46174 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46195 | | | | gcc: uncontrolled recursion | | | | | | | in libiberty/rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46195 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35205 | | | | binutils: reachable assertion in | | | | | | | display_debug_names() in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35205 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35206 | | | | binutils: NULL pointer dereference | | | | | | | in read_and_display_attr_value() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35206 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-38533 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() when called by | | | | | | | strip_main() in objcopy.c... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-38533 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-4285 | | | | binutils: NULL | | | | | | | pointer dereference in | | | | | | | _bfd_elf_get_symbol_version_string | | | | | | | leads to segfault | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4285 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44840 | | | | binutils: heap-based buffer overflow | | | | | | | in find_section_in_set() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44840 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-45703 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | display_debug_section() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45703 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47007 | | | | binutils: memory leak in | | | | | | | stab_demangle_v3_arg() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47007 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47008 | | | | binutils: memory leak | | | | | | | in make_tempdir() and | | | | | | | make_tempname() in bucomm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47008 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47010 | | | | binutils: memory leak in | | | | | | | pr_function_type() in prdbg.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47010 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47011 | | | | binutils: memory leak in | | | | | | | parse_stab_struct_fields() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47011 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47673 | | | | binutils: out-of-bounds | | | | | | | read in parse_module() in | | | | | | | bfd/vms-alpha.c via addr2line | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47695 | | | | binutils: uninitialized field in | | | | | | | bfd_mach_o_get_synthetic_symtab() | | | | | | | in match-o.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47695 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47696 | | | | binutils: segmentation fault in | | | | | | | compare_symbols() in objdump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47696 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48063 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | load_separate_debug_files() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48063 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48064 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | _bfd_dwarf2_find_nearest_line_with_alt() | | | | | | | in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48064 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48065 | | | | binutils: memory leak in | | | | | | | find_abstract_instance() in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48065 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1579 | | | | binutils: Heap-buffer-overflow | | | | | | | binutils-gdb/bfd/libbfd.c | | | | | | | in bfd_getl64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1579 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1972 | | | | binutils: Illegal memory access when | | | | | | | accessing a zer0-lengthverdef table | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1972 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25584 | | | | binutils: Out of bounds | | | | | | | read in parse_module | | | | | | | function in bfd/vms-alpha.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25584 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25585 | | | | binutils: Field `file_table` | | | | | | | of `struct module | | | | | | | *module` is uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25585 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25586 | | | | binutils: Local variable | | | | | | | `ch_type` in function | | | | | | | `bfd_init_section_decompress_status` | | | | | | | can be uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25586 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25588 | | | | binutils: Field | | | | | | | `the_bfd` of `asymbol` is | | | | | | | uninitialized in function | | | | | | | `bfd_mach_o_get_synthetic_symtab` | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25588 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libblkid-dev | CVE-2024-28085 | HIGH | 2.36.1-8+deb11u1 | 2.36.1-8+deb11u2 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-0563 | LOW | | | util-linux: partial disclosure | | | | | | | of arbitrary files in chfn | | | | | | | and chsh when compiled... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-0563 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libblkid1 | CVE-2024-28085 | HIGH | | 2.36.1-8+deb11u2 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-0563 | LOW | | | util-linux: partial disclosure | | | | | | | of arbitrary files in chfn | | | | | | | and chsh when compiled... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-0563 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libbluetooth-dev | CVE-2021-43400 | CRITICAL | 5.55-3.1 | | bluez: use-after-free | | | | | | | in gatt-database.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-43400 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-0204 | HIGH | | | bluez: heap-based buffer | | | | | | | overflow in the implementation | | | | | | | of the gatt protocol | | | | | | | -->avd.aquasec.com/nvd/cve-2022-0204 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-39176 | | | | bluez: BlueZ allows physically | | | | | | | proximate attackers to obtain | | | | | | | sensitive information because | | | | | | | profiles/audio/avrcp.c... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-39176 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-39177 | | | | bluez: BlueZ allows physically | | | | | | | proximate attackers to | | | | | | | cause a denial of service... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-39177 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3658 | MEDIUM | | | bluez: adapter incorrectly | | | | | | | restores Discoverable | | | | | | | state after powered down | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3658 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-41229 | | | | bluez: memory leak | | | | | | | in the SDP protocol | | | | | | | -->avd.aquasec.com/nvd/cve-2021-41229 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-45866 | | | 5.55-3.1+deb11u1 | bluez: unauthorized HID | | | | | | | device connections allows | | | | | | | keystroke injection and | | | | | | | arbitrary commands execution... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-45866 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9797 | LOW | | | bluez: buffer over-read | | | | | | | in l2cap_dump() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9797 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9798 | | | | bluez: use-after-free in conf_opt() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9798 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9799 | | | | bluez: buffer overflow | | | | | | | in pklg_read_hci() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9799 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9800 | | | | bluez: buffer overflow | | | | | | | in pin_code_reply_dump() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9800 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9801 | | | | bluez: buffer overflow | | | | | | | in set_ext_ctrl() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9801 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9802 | | | | bluez: buffer over-read | | | | | | | in l2cap_packet() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9802 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9803 | | | | bluez: out-of-bounds | | | | | | | read in le_meta_ev_dump() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9803 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9804 | | | | bluez: buffer overflow | | | | | | | in commands_dump() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9804 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9917 | | | | bluez: Heap-based buffer overflow | | | | | | | vulnerability in read_n() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9917 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9918 | | | | bluez: Out of bounds stack | | | | | | | read in packet_hexdump() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9918 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libbluetooth3 | CVE-2021-43400 | CRITICAL | | | bluez: use-after-free | | | | | | | in gatt-database.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-43400 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-0204 | HIGH | | | bluez: heap-based buffer | | | | | | | overflow in the implementation | | | | | | | of the gatt protocol | | | | | | | -->avd.aquasec.com/nvd/cve-2022-0204 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-39176 | | | | bluez: BlueZ allows physically | | | | | | | proximate attackers to obtain | | | | | | | sensitive information because | | | | | | | profiles/audio/avrcp.c... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-39176 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-39177 | | | | bluez: BlueZ allows physically | | | | | | | proximate attackers to | | | | | | | cause a denial of service... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-39177 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3658 | MEDIUM | | | bluez: adapter incorrectly | | | | | | | restores Discoverable | | | | | | | state after powered down | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3658 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-41229 | | | | bluez: memory leak | | | | | | | in the SDP protocol | | | | | | | -->avd.aquasec.com/nvd/cve-2021-41229 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-45866 | | | 5.55-3.1+deb11u1 | bluez: unauthorized HID | | | | | | | device connections allows | | | | | | | keystroke injection and | | | | | | | arbitrary commands execution... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-45866 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9797 | LOW | | | bluez: buffer over-read | | | | | | | in l2cap_dump() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9797 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9798 | | | | bluez: use-after-free in conf_opt() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9798 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9799 | | | | bluez: buffer overflow | | | | | | | in pklg_read_hci() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9799 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9800 | | | | bluez: buffer overflow | | | | | | | in pin_code_reply_dump() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9800 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9801 | | | | bluez: buffer overflow | | | | | | | in set_ext_ctrl() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9801 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9802 | | | | bluez: buffer over-read | | | | | | | in l2cap_packet() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9802 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9803 | | | | bluez: out-of-bounds | | | | | | | read in le_meta_ev_dump() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9803 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9804 | | | | bluez: buffer overflow | | | | | | | in commands_dump() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9804 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9917 | | | | bluez: Heap-based buffer overflow | | | | | | | vulnerability in read_n() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9917 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-9918 | | | | bluez: Out of bounds stack | | | | | | | read in packet_hexdump() | | | | | | | -->avd.aquasec.com/nvd/cve-2016-9918 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libc-bin | CVE-2021-3999 | HIGH | 2.31-13+deb11u3 | 2.31-13+deb11u4 | glibc: Off-by-one buffer | | | | | | | overflow/underflow in getcwd() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3999 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4911 | | | 2.31-13+deb11u7 | glibc: buffer overflow in ld.so | | | | | | | leading to privilege escalation | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4911 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2961 | | | 2.31-13+deb11u9 | glibc: Out of bounds write in | | | | | | | iconv may lead to remote code... | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2961 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4806 | MEDIUM | | | glibc: potential | | | | | | | use-after-free in getaddrinfo() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4806 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4813 | | | | glibc: potential | | | | | | | use-after-free in gaih_inet() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4813 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2010-4756 | LOW | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libc-dev-bin | CVE-2021-3999 | HIGH | | 2.31-13+deb11u4 | glibc: Off-by-one buffer | | | | | | | overflow/underflow in getcwd() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3999 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4911 | | | 2.31-13+deb11u7 | glibc: buffer overflow in ld.so | | | | | | | leading to privilege escalation | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4911 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2961 | | | 2.31-13+deb11u9 | glibc: Out of bounds write in | | | | | | | iconv may lead to remote code... | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2961 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4806 | MEDIUM | | | glibc: potential | | | | | | | use-after-free in getaddrinfo() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4806 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4813 | | | | glibc: potential | | | | | | | use-after-free in gaih_inet() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4813 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2010-4756 | LOW | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libc6 | CVE-2021-3999 | HIGH | | 2.31-13+deb11u4 | glibc: Off-by-one buffer | | | | | | | overflow/underflow in getcwd() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3999 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4911 | | | 2.31-13+deb11u7 | glibc: buffer overflow in ld.so | | | | | | | leading to privilege escalation | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4911 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2961 | | | 2.31-13+deb11u9 | glibc: Out of bounds write in | | | | | | | iconv may lead to remote code... | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2961 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4806 | MEDIUM | | | glibc: potential | | | | | | | use-after-free in getaddrinfo() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4806 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4813 | | | | glibc: potential | | | | | | | use-after-free in gaih_inet() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4813 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2010-4756 | LOW | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libc6-dev | CVE-2021-3999 | HIGH | | 2.31-13+deb11u4 | glibc: Off-by-one buffer | | | | | | | overflow/underflow in getcwd() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3999 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4911 | | | 2.31-13+deb11u7 | glibc: buffer overflow in ld.so | | | | | | | leading to privilege escalation | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4911 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2961 | | | 2.31-13+deb11u9 | glibc: Out of bounds write in | | | | | | | iconv may lead to remote code... | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2961 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4806 | MEDIUM | | | glibc: potential | | | | | | | use-after-free in getaddrinfo() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4806 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-4813 | | | | glibc: potential | | | | | | | use-after-free in gaih_inet() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4813 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2010-4756 | LOW | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | +------------------------------+---------------------+ +-------------------------+------------------------------+--------------------------------------------------------------------+ | libcairo-gobject2 | CVE-2017-7475 | | 1.16.0-5 | | cairo: NULL pointer dereference | | | | | | | with a crafted font file | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7475 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-18064 | | | | cairo: Stack-based buffer | | | | | | | overflow via parsing of | | | | | | | crafted WebKitGTK+ document | | | | | | | -->avd.aquasec.com/nvd/cve-2018-18064 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-6461 | | | | cairo: assertion problem | | | | | | | in _cairo_arc_in_direction | | | | | | | in cairo-arc.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-6461 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-6462 | | | | cairo: infinite loop in the | | | | | | | function _arc_error_normalized | | | | | | | in the file cairo-arc.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-6462 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | libcairo-script-interpreter2 | CVE-2017-7475 | | | | cairo: NULL pointer dereference | | | | | | | with a crafted font file | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7475 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-18064 | | | | cairo: Stack-based buffer | | | | | | | overflow via parsing of | | | | | | | crafted WebKitGTK+ document | | | | | | | -->avd.aquasec.com/nvd/cve-2018-18064 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-6461 | | | | cairo: assertion problem | | | | | | | in _cairo_arc_in_direction | | | | | | | in cairo-arc.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-6461 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-6462 | | | | cairo: infinite loop in the | | | | | | | function _arc_error_normalized | | | | | | | in the file cairo-arc.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-6462 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | libcairo2 | CVE-2017-7475 | | | | cairo: NULL pointer dereference | | | | | | | with a crafted font file | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7475 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-18064 | | | | cairo: Stack-based buffer | | | | | | | overflow via parsing of | | | | | | | crafted WebKitGTK+ document | | | | | | | -->avd.aquasec.com/nvd/cve-2018-18064 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-6461 | | | | cairo: assertion problem | | | | | | | in _cairo_arc_in_direction | | | | | | | in cairo-arc.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-6461 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-6462 | | | | cairo: infinite loop in the | | | | | | | function _arc_error_normalized | | | | | | | in the file cairo-arc.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-6462 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | libcairo2-dev | CVE-2017-7475 | | | | cairo: NULL pointer dereference | | | | | | | with a crafted font file | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7475 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-18064 | | | | cairo: Stack-based buffer | | | | | | | overflow via parsing of | | | | | | | crafted WebKitGTK+ document | | | | | | | -->avd.aquasec.com/nvd/cve-2018-18064 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-6461 | | | | cairo: assertion problem | | | | | | | in _cairo_arc_in_direction | | | | | | | in cairo-arc.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-6461 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-6462 | | | | cairo: infinite loop in the | | | | | | | function _arc_error_normalized | | | | | | | in the file cairo-arc.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-6462 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libcc1-0 | CVE-2023-4039 | MEDIUM | 10.2.1-6 | | gcc: -fstack-protector | | | | | | | fails to guard dynamic | | | | | | | stack allocations on ARM64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4039 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libcom-err2 | CVE-2022-1304 | HIGH | 1.46.2-2 | | e2fsprogs: out-of-bounds | | | | | | | read/write via crafted filesystem | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1304 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libctf-nobfd0 | CVE-2017-13716 | LOW | 2.35.2-2 | | binutils: Memory leak with the C++ | | | | | | | symbol demangler routine in libiberty | | | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-18483 | | | | binutils: Integer overflow | | | | | | | in cplus-dem.c:get_count() | | | | | | | allows for denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20673 | | | | libiberty: Integer overflow in | | | | | | | demangle_template() function | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20712 | | | | libiberty: heap-based buffer | | | | | | | over-read in d_expression_1 | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-9996 | | | | binutils: Stack-overflow in | | | | | | | libiberty/cplus-dem.c causes crash | | | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | | | | | | | Signed/Unsigned Comparison, | | | | | | | Out-of-bounds Read in gold/fileread.cc | | | | | | | and elfcpp/elfcpp_file.h... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-19726 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() in bfd/libbfd.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-19726 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | | | | | | | in bfd_getl_signed_32() in libbfd.c | | | | | | | because sh_entsize is not... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20197 | | | | binutils: Race window allows | | | | | | | users to own arbitrary files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20284 | | | | binutils: Heap-based | | | | | | | buffer overflow in | | | | | | | _bfd_elf_slurp_secondary_reloc_section | | | | | | | in elf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-32256 | | | | binutils: stack-overflow issue in | | | | | | | demangle_type in rust-demangle.c. | | | | | | | -->avd.aquasec.com/nvd/cve-2021-32256 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | | | | | | | demangle_path() in rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3549 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | avr_elf32_load_records_from_section() | | | | | | | via large section parameter | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3826 | | | | libiberty: Heap/stack buffer | | | | | | | overflow in the dlang_lname | | | | | | | function in d-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3826 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-45078 | | | | binutils: out-of-bounds write in | | | | | | | stab_xcoff_builtin_type() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-45078 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46174 | | | | binutils: heap-based buffer | | | | | | | overflow in bfd_getl32() | | | | | | | in libbfd.c via objdump | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46174 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46195 | | | | gcc: uncontrolled recursion | | | | | | | in libiberty/rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46195 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35205 | | | | binutils: reachable assertion in | | | | | | | display_debug_names() in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35205 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35206 | | | | binutils: NULL pointer dereference | | | | | | | in read_and_display_attr_value() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35206 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-38533 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() when called by | | | | | | | strip_main() in objcopy.c... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-38533 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-4285 | | | | binutils: NULL | | | | | | | pointer dereference in | | | | | | | _bfd_elf_get_symbol_version_string | | | | | | | leads to segfault | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4285 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44840 | | | | binutils: heap-based buffer overflow | | | | | | | in find_section_in_set() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44840 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-45703 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | display_debug_section() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45703 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47007 | | | | binutils: memory leak in | | | | | | | stab_demangle_v3_arg() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47007 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47008 | | | | binutils: memory leak | | | | | | | in make_tempdir() and | | | | | | | make_tempname() in bucomm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47008 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47010 | | | | binutils: memory leak in | | | | | | | pr_function_type() in prdbg.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47010 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47011 | | | | binutils: memory leak in | | | | | | | parse_stab_struct_fields() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47011 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47673 | | | | binutils: out-of-bounds | | | | | | | read in parse_module() in | | | | | | | bfd/vms-alpha.c via addr2line | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47695 | | | | binutils: uninitialized field in | | | | | | | bfd_mach_o_get_synthetic_symtab() | | | | | | | in match-o.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47695 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47696 | | | | binutils: segmentation fault in | | | | | | | compare_symbols() in objdump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47696 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48063 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | load_separate_debug_files() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48063 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48064 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | _bfd_dwarf2_find_nearest_line_with_alt() | | | | | | | in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48064 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48065 | | | | binutils: memory leak in | | | | | | | find_abstract_instance() in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48065 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1579 | | | | binutils: Heap-buffer-overflow | | | | | | | binutils-gdb/bfd/libbfd.c | | | | | | | in bfd_getl64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1579 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1972 | | | | binutils: Illegal memory access when | | | | | | | accessing a zer0-lengthverdef table | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1972 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25584 | | | | binutils: Out of bounds | | | | | | | read in parse_module | | | | | | | function in bfd/vms-alpha.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25584 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25585 | | | | binutils: Field `file_table` | | | | | | | of `struct module | | | | | | | *module` is uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25585 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25586 | | | | binutils: Local variable | | | | | | | `ch_type` in function | | | | | | | `bfd_init_section_decompress_status` | | | | | | | can be uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25586 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25588 | | | | binutils: Field | | | | | | | `the_bfd` of `asymbol` is | | | | | | | uninitialized in function | | | | | | | `bfd_mach_o_get_synthetic_symtab` | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25588 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | libctf0 | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | | | | | | | symbol demangler routine in libiberty | | | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-18483 | | | | binutils: Integer overflow | | | | | | | in cplus-dem.c:get_count() | | | | | | | allows for denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20673 | | | | libiberty: Integer overflow in | | | | | | | demangle_template() function | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-20712 | | | | libiberty: heap-based buffer | | | | | | | over-read in d_expression_1 | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-9996 | | | | binutils: Stack-overflow in | | | | | | | libiberty/cplus-dem.c causes crash | | | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | | | | | | | Signed/Unsigned Comparison, | | | | | | | Out-of-bounds Read in gold/fileread.cc | | | | | | | and elfcpp/elfcpp_file.h... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-19726 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() in bfd/libbfd.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-19726 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | | | | | | | in bfd_getl_signed_32() in libbfd.c | | | | | | | because sh_entsize is not... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20197 | | | | binutils: Race window allows | | | | | | | users to own arbitrary files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20284 | | | | binutils: Heap-based | | | | | | | buffer overflow in | | | | | | | _bfd_elf_slurp_secondary_reloc_section | | | | | | | in elf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-32256 | | | | binutils: stack-overflow issue in | | | | | | | demangle_type in rust-demangle.c. | | | | | | | -->avd.aquasec.com/nvd/cve-2021-32256 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | | | | | | | demangle_path() in rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3549 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | avr_elf32_load_records_from_section() | | | | | | | via large section parameter | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3826 | | | | libiberty: Heap/stack buffer | | | | | | | overflow in the dlang_lname | | | | | | | function in d-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3826 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-45078 | | | | binutils: out-of-bounds write in | | | | | | | stab_xcoff_builtin_type() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-45078 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46174 | | | | binutils: heap-based buffer | | | | | | | overflow in bfd_getl32() | | | | | | | in libbfd.c via objdump | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46174 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46195 | | | | gcc: uncontrolled recursion | | | | | | | in libiberty/rust-demangle.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46195 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35205 | | | | binutils: reachable assertion in | | | | | | | display_debug_names() in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35205 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35206 | | | | binutils: NULL pointer dereference | | | | | | | in read_and_display_attr_value() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35206 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-38533 | | | | binutils: heap-based buffer overflow | | | | | | | in bfd_getl32() when called by | | | | | | | strip_main() in objcopy.c... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-38533 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-4285 | | | | binutils: NULL | | | | | | | pointer dereference in | | | | | | | _bfd_elf_get_symbol_version_string | | | | | | | leads to segfault | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4285 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44840 | | | | binutils: heap-based buffer overflow | | | | | | | in find_section_in_set() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44840 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-45703 | | | | binutils: heap-based | | | | | | | buffer overflow in | | | | | | | display_debug_section() in readelf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45703 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47007 | | | | binutils: memory leak in | | | | | | | stab_demangle_v3_arg() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47007 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47008 | | | | binutils: memory leak | | | | | | | in make_tempdir() and | | | | | | | make_tempname() in bucomm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47008 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47010 | | | | binutils: memory leak in | | | | | | | pr_function_type() in prdbg.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47010 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47011 | | | | binutils: memory leak in | | | | | | | parse_stab_struct_fields() in stabs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47011 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47673 | | | | binutils: out-of-bounds | | | | | | | read in parse_module() in | | | | | | | bfd/vms-alpha.c via addr2line | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47673 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47695 | | | | binutils: uninitialized field in | | | | | | | bfd_mach_o_get_synthetic_symtab() | | | | | | | in match-o.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47695 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47696 | | | | binutils: segmentation fault in | | | | | | | compare_symbols() in objdump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47696 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48063 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | load_separate_debug_files() | | | | | | | in dwarf.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48063 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48064 | | | | binutils: excessive | | | | | | | memory consumption in | | | | | | | _bfd_dwarf2_find_nearest_line_with_alt() | | | | | | | in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48064 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48065 | | | | binutils: memory leak in | | | | | | | find_abstract_instance() in dwarf2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48065 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1579 | | | | binutils: Heap-buffer-overflow | | | | | | | binutils-gdb/bfd/libbfd.c | | | | | | | in bfd_getl64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1579 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1972 | | | | binutils: Illegal memory access when | | | | | | | accessing a zer0-lengthverdef table | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1972 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25584 | | | | binutils: Out of bounds | | | | | | | read in parse_module | | | | | | | function in bfd/vms-alpha.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25584 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25585 | | | | binutils: Field `file_table` | | | | | | | of `struct module | | | | | | | *module` is uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25585 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25586 | | | | binutils: Local variable | | | | | | | `ch_type` in function | | | | | | | `bfd_init_section_decompress_status` | | | | | | | can be uninitialized | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25586 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-25588 | | | | binutils: Field | | | | | | | `the_bfd` of `asymbol` is | | | | | | | uninitialized in function | | | | | | | `bfd_mach_o_get_synthetic_symtab` | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25588 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libcurl3-gnutls | CVE-2022-32221 | CRITICAL | 7.74.0-1.3+deb11u2 | 7.74.0-1.3+deb11u5 | curl: POST following PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32221 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23914 | | | | curl: HSTS ignored | | | | | | | on multiple requests | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23914 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-38545 | | | 7.74.0-1.3+deb11u10 | curl: heap based buffer overflow | | | | | | | in the SOCKS5 proxy handshake | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38545 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-42916 | HIGH | | | curl: HSTS bypass via IDN | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42916 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-43551 | | | | curl: HSTS bypass via IDN | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43551 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-27533 | | | 7.74.0-1.3+deb11u8 | curl: TELNET option IAC injection | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27533 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27534 | | | | curl: SFTP path ~ | | | | | | | resolving discrepancy | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27534 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2398 | | | | curl: HTTP/2 push | | | | | | | headers memory-leak | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2398 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-43552 | MEDIUM | | 7.74.0-1.3+deb11u5 | curl: Use-after-free triggered | | | | | | | by an HTTP proxy deny response | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43552 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23915 | | | | curl: HSTS amnesia with --parallel | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23915 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23916 | | | 7.74.0-1.3+deb11u7 | curl: HTTP multi-header | | | | | | | compression denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23916 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-27535 | | | 7.74.0-1.3+deb11u8 | curl: FTP too eager connection reuse | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27535 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27536 | | | | curl: GSS delegation too | | | | | | | eager connection re-use | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27536 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27538 | | | | curl: SSH connection | | | | | | | too eager reuse still | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27538 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28321 | | | 7.74.0-1.3+deb11u9 | curl: IDN wildcard match may lead | | | | | | | to Improper Cerificate Validation | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28321 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-46218 | | | 7.74.0-1.3+deb11u11 | curl: information disclosure | | | | | | | by exploiting a mixed case flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46218 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-46219 | | | | curl: excessively long file name | | | | | | | may lead to unknown HSTS status | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46219 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-22922 | LOW | | | curl: Content not matching hash | | | | | | | in Metalink is not being discarded | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-22923 | | | | curl: Metalink download | | | | | | | sends credentials | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35252 | | | 7.74.0-1.3+deb11u3 | curl: Incorrect handling of | | | | | | | control code characters in cookies | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35252 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28320 | | | | curl: siglongjmp race | | | | | | | condition may lead to crash | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28320 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28322 | | | 7.74.0-1.3+deb11u9 | curl: more POST-after-PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28322 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-38546 | | | 7.74.0-1.3+deb11u10 | curl: cookie injection with none file | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38546 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2379 | | | | curl: QUIC certificate | | | | | | | check bypass with wolfSSL | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2379 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libcurl4 | CVE-2022-32221 | CRITICAL | | 7.74.0-1.3+deb11u5 | curl: POST following PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32221 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23914 | | | | curl: HSTS ignored | | | | | | | on multiple requests | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23914 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-38545 | | | 7.74.0-1.3+deb11u10 | curl: heap based buffer overflow | | | | | | | in the SOCKS5 proxy handshake | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38545 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-42916 | HIGH | | | curl: HSTS bypass via IDN | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42916 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-43551 | | | | curl: HSTS bypass via IDN | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43551 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-27533 | | | 7.74.0-1.3+deb11u8 | curl: TELNET option IAC injection | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27533 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27534 | | | | curl: SFTP path ~ | | | | | | | resolving discrepancy | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27534 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2398 | | | | curl: HTTP/2 push | | | | | | | headers memory-leak | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2398 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-43552 | MEDIUM | | 7.74.0-1.3+deb11u5 | curl: Use-after-free triggered | | | | | | | by an HTTP proxy deny response | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43552 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23915 | | | | curl: HSTS amnesia with --parallel | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23915 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23916 | | | 7.74.0-1.3+deb11u7 | curl: HTTP multi-header | | | | | | | compression denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23916 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-27535 | | | 7.74.0-1.3+deb11u8 | curl: FTP too eager connection reuse | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27535 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27536 | | | | curl: GSS delegation too | | | | | | | eager connection re-use | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27536 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27538 | | | | curl: SSH connection | | | | | | | too eager reuse still | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27538 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28321 | | | 7.74.0-1.3+deb11u9 | curl: IDN wildcard match may lead | | | | | | | to Improper Cerificate Validation | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28321 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-46218 | | | 7.74.0-1.3+deb11u11 | curl: information disclosure | | | | | | | by exploiting a mixed case flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46218 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-46219 | | | | curl: excessively long file name | | | | | | | may lead to unknown HSTS status | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46219 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-22922 | LOW | | | curl: Content not matching hash | | | | | | | in Metalink is not being discarded | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-22923 | | | | curl: Metalink download | | | | | | | sends credentials | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35252 | | | 7.74.0-1.3+deb11u3 | curl: Incorrect handling of | | | | | | | control code characters in cookies | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35252 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28320 | | | | curl: siglongjmp race | | | | | | | condition may lead to crash | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28320 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28322 | | | 7.74.0-1.3+deb11u9 | curl: more POST-after-PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28322 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-38546 | | | 7.74.0-1.3+deb11u10 | curl: cookie injection with none file | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38546 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2379 | | | | curl: QUIC certificate | | | | | | | check bypass with wolfSSL | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2379 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libcurl4-openssl-dev | CVE-2022-32221 | CRITICAL | | 7.74.0-1.3+deb11u5 | curl: POST following PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32221 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23914 | | | | curl: HSTS ignored | | | | | | | on multiple requests | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23914 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-38545 | | | 7.74.0-1.3+deb11u10 | curl: heap based buffer overflow | | | | | | | in the SOCKS5 proxy handshake | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38545 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-42916 | HIGH | | | curl: HSTS bypass via IDN | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42916 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-43551 | | | | curl: HSTS bypass via IDN | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43551 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-27533 | | | 7.74.0-1.3+deb11u8 | curl: TELNET option IAC injection | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27533 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27534 | | | | curl: SFTP path ~ | | | | | | | resolving discrepancy | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27534 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2398 | | | | curl: HTTP/2 push | | | | | | | headers memory-leak | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2398 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-43552 | MEDIUM | | 7.74.0-1.3+deb11u5 | curl: Use-after-free triggered | | | | | | | by an HTTP proxy deny response | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43552 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23915 | | | | curl: HSTS amnesia with --parallel | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23915 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-23916 | | | 7.74.0-1.3+deb11u7 | curl: HTTP multi-header | | | | | | | compression denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23916 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-27535 | | | 7.74.0-1.3+deb11u8 | curl: FTP too eager connection reuse | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27535 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27536 | | | | curl: GSS delegation too | | | | | | | eager connection re-use | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27536 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-27538 | | | | curl: SSH connection | | | | | | | too eager reuse still | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27538 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28321 | | | 7.74.0-1.3+deb11u9 | curl: IDN wildcard match may lead | | | | | | | to Improper Cerificate Validation | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28321 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-46218 | | | 7.74.0-1.3+deb11u11 | curl: information disclosure | | | | | | | by exploiting a mixed case flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46218 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-46219 | | | | curl: excessively long file name | | | | | | | may lead to unknown HSTS status | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46219 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-22922 | LOW | | | curl: Content not matching hash | | | | | | | in Metalink is not being discarded | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-22923 | | | | curl: Metalink download | | | | | | | sends credentials | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-35252 | | | 7.74.0-1.3+deb11u3 | curl: Incorrect handling of | | | | | | | control code characters in cookies | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35252 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28320 | | | | curl: siglongjmp race | | | | | | | condition may lead to crash | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28320 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-28322 | | | 7.74.0-1.3+deb11u9 | curl: more POST-after-PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28322 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-38546 | | | 7.74.0-1.3+deb11u10 | curl: cookie injection with none file | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38546 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2379 | | | | curl: QUIC certificate | | | | | | | check bypass with wolfSSL | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2379 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libdav1d4 | CVE-2023-32570 | MEDIUM | 0.7.1-3 | | VideoLAN dav1d before 1.2.0 | | | | | | | has a thread_task.c race | | | | | | | condition that ca ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32570 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-1580 | UNKNOWN | | | An integer overflow in | | | | | | | dav1d AV1 decoder that | | | | | | | can occur when decoding... | | | | | | | -->avd.aquasec.com/nvd/cve-2024-1580 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libdb5.3 | CVE-2019-8457 | CRITICAL | 5.3.28+dfsg1-0.8 | | sqlite: heap out-of-bound | | | | | | | read in function rtreenode() | | | | | | | -->avd.aquasec.com/nvd/cve-2019-8457 | +------------------------------+ + + +------------------------------+ + | libdb5.3-dev | | | | | | | | | | | | | | | | | | | | +------------------------------+---------------------+ +-------------------------+------------------------------+--------------------------------------------------------------------+ | libde265-0 | CVE-2022-1253 | | 1.0.8-1 | 1.0.11-0+deb11u1 | Heap-based Buffer Overflow | | | | | | | in GitHub repository | | | | | | | strukturag/libde265 pr ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1253 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2020-21598 | HIGH | | | libde265 v1.0.4 contains | | | | | | | a heap buffer overflow in | | | | | | | the ff_hevc_put_unw ... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21598 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-36409 | | | | There is an Assertion | | | | | | | `scaling_list_pred_matrix_id_delta==1' | | | | | | | failed at ... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36409 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-47655 | | | | Libde265 1.0.9 is vulnerable | | | | | | | to Buffer Overflow in | | | | | | | function void put_q ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47655 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-47664 | | | | Libde265 1.0.9 is vulnerable | | | | | | | to Buffer Overflow in | | | | | | | ff_hevc_put_hevc_qp ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47664 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-47665 | | | | Libde265 1.0.9 has a heap | | | | | | | buffer overflow vulnerability | | | | | | | in de265_image ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47665 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-25221 | | | | Libde265 v1.0.10 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vuln ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25221 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-27103 | | | 1.0.11-0+deb11u2 | Libde265 v1.0.11 was | | | | | | | discovered to contain a | | | | | | | heap buffer overflow via ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27103 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-43887 | | | | Libde265 v1.0.12 was | | | | | | | discovered to contain multiple | | | | | | | buffer overflows v ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-43887 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-49465 | | | 1.0.11-0+deb11u3 | Libde265 v1.0.14 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vuln ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-49465 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-49467 | | | | Libde265 v1.0.14 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vuln ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-49467 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-49468 | | | | Libde265 v1.0.14 was | | | | | | | discovered to contain a global | | | | | | | buffer overflow vu ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-49468 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-21594 | MEDIUM | | 1.0.11-0+deb11u1 | libde265 v1.0.4 contains | | | | | | | a heap buffer overflow in | | | | | | | the put_epel_hv_fal ... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21594 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21595 | | | | libde265 v1.0.4 contains | | | | | | | a heap buffer overflow in | | | | | | | the mc_luma functio ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21595 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21596 | | | | libde265 v1.0.4 contains | | | | | | | a global buffer overflow | | | | | | | in the decode_CABAC_ ... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21596 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21597 | | | | libde265 v1.0.4 contains | | | | | | | a heap buffer overflow in | | | | | | | the mc_chroma funct ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21597 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21599 | | | | libde265 v1.0.4 contains | | | | | | | a heap buffer overflow in | | | | | | | the de265_image::av ... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21599 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21600 | | | | libde265 v1.0.4 contains | | | | | | | a heap buffer overflow in | | | | | | | the put_weighted_pr ... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21600 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21601 | | | | libde265 v1.0.4 contains | | | | | | | a stack buffer overflow | | | | | | | in the put_qpel_fallb ... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21601 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21602 | | | | libde265 v1.0.4 contains | | | | | | | a heap buffer overflow in | | | | | | | the put_weighted_bi ... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21602 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21603 | | | | libde265 v1.0.4 contains | | | | | | | a heap buffer overflow in | | | | | | | the put_qpel_0_0_fa ... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21603 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21604 | | | | libde265 v1.0.4 contains a | | | | | | | heap buffer overflow fault | | | | | | | in the _mm_loadl ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21604 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21605 | | | | libde265 v1.0.4 contains | | | | | | | a segmentation fault in | | | | | | | the apply_sao_interna ... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21605 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2020-21606 | | | | libde265 v1.0.4 contains a | | | | | | | heap buffer overflow fault | | | | | | | in the put_epel_ ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-21606 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-35452 | | | | An Incorrect Access Control | | | | | | | vulnerability exists in | | | | | | | libde265 v1.0.8 du ... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-35452 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-36408 | | | | An issue was discovered | | | | | | | in libde265 v1.0.8.There | | | | | | | is a Heap-use-after-f ... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36408 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-36410 | | | | A stack-buffer-overflow | | | | | | | exists in libde265 v1.0.8 | | | | | | | via fallback-motion. ... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36410 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-36411 | | | | An issue has been found in libde265 | | | | | | | v1.0.8 due to incorrect access... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36411 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43235 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43235 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43236 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | stack-buffer-overflow vuln ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43236 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43237 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | stack-buffer-overflow vuln ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43237 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43238 | | | | Libde265 v1.0.8 was discovered | | | | | | | to contain an unknown | | | | | | | crash via ff_hevc ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43238 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43239 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43239 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43240 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43240 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43241 | | | | Libde265 v1.0.8 was discovered | | | | | | | to contain an unknown | | | | | | | crash via ff_hevc ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43242 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43242 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43243 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43244 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43245 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | segmentation violation via ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43248 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43248 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43249 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43249 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43250 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43250 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43252 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43252 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-43253 | | | | Libde265 v1.0.8 was | | | | | | | discovered to contain a | | | | | | | heap-buffer-overflow vulne ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43253 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-24751 | | | | libde265 v1.0.10 was | | | | | | | discovered to contain a NULL | | | | | | | pointer dereference ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-24751 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-24752 | | | | libde265 v1.0.10 was | | | | | | | discovered to contain a NULL | | | | | | | pointer dereference ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-24752 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-24754 | | | | libde265 v1.0.10 was | | | | | | | discovered to contain a NULL | | | | | | | pointer dereference ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-24754 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-24755 | | | | libde265 v1.0.10 was | | | | | | | discovered to contain a NULL | | | | | | | pointer dereference ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-24755 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-24756 | | | | libde265 v1.0.10 was | | | | | | | discovered to contain a NULL | | | | | | | pointer dereference ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-24756 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-24757 | | | | libde265 v1.0.10 was | | | | | | | discovered to contain a NULL | | | | | | | pointer dereference ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-24757 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-24758 | | | | libde265 v1.0.10 was | | | | | | | discovered to contain a NULL | | | | | | | pointer dereference ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-24758 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-27102 | | | 1.0.11-0+deb11u2 | Libde265 v1.0.11 was | | | | | | | discovered to contain a | | | | | | | segmentation violation vi ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27102 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-47471 | | | | Buffer Overflow vulnerability | | | | | | | in strukturag libde265 | | | | | | | v1.10.12 allows a ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-47471 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-51792 | UNKNOWN | | | Buffer Overflow vulnerability | | | | | | | in libde265 v1.0.12 | | | | | | | allows a local attac ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-51792 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libdjvulibre-dev | CVE-2021-46310 | MEDIUM | 3.5.28-2 | | An issue was discovered | | | | | | | IW44Image.cpp in djvulibre | | | | | | | 3.5.28 in allows at ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46310 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46312 | | | | An issue was discovered | | | | | | | IW44EncodeCodec.cpp in | | | | | | | djvulibre 3.5.28 in all ... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46312 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | libdjvulibre-text | CVE-2021-46310 | | | | An issue was discovered | | | | | | | IW44Image.cpp in djvulibre | | | | | | | 3.5.28 in allows at ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46310 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46312 | | | | An issue was discovered | | | | | | | IW44EncodeCodec.cpp in | | | | | | | djvulibre 3.5.28 in all ... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46312 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | libdjvulibre21 | CVE-2021-46310 | | | | An issue was discovered | | | | | | | IW44Image.cpp in djvulibre | | | | | | | 3.5.28 in allows at ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46310 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-46312 | | | | An issue was discovered | | | | | | | IW44EncodeCodec.cpp in | | | | | | | djvulibre 3.5.28 in all ... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46312 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libelf1 | CVE-2021-33294 | LOW | 0.183-1 | | elfutils: an infinite loop | | | | | | | was found in the function | | | | | | | handle_symtab in readelf.c... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-33294 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-25260 | | | | elfutils: global-buffer-overflow | | | | | | | exists in the function | | | | | | | ebl_machine_flag_name | | | | | | | in eblmachineflagname.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-25260 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libexpat1 | CVE-2022-40674 | HIGH | 2.2.10-2+deb11u3 | 2.2.10-2+deb11u4 | expat: a use-after-free in the | | | | | | | doContent function in xmlparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-40674 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-43680 | | | 2.2.10-2+deb11u5 | expat: use-after free caused | | | | | | | by overeager destruction | | | | | | | of a shared DTD in... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43680 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-52425 | | | | expat: parsing large tokens | | | | | | | can trigger a denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2023-52425 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2013-0340 | LOW | | | expat: internal entity expansion | | | | | | | -->avd.aquasec.com/nvd/cve-2013-0340 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-52426 | | | | expat: recursive XML entity | | | | | | | expansion vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2023-52426 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-28757 | | | | expat: XML Entity Expansion | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28757 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libexpat1-dev | CVE-2022-40674 | HIGH | | 2.2.10-2+deb11u4 | expat: a use-after-free in the | | | | | | | doContent function in xmlparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-40674 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-43680 | | | 2.2.10-2+deb11u5 | expat: use-after free caused | | | | | | | by overeager destruction | | | | | | | of a shared DTD in... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43680 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-52425 | | | | expat: parsing large tokens | | | | | | | can trigger a denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2023-52425 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2013-0340 | LOW | | | expat: internal entity expansion | | | | | | | -->avd.aquasec.com/nvd/cve-2013-0340 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-52426 | | | | expat: recursive XML entity | | | | | | | expansion vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2023-52426 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-28757 | | | | expat: XML Entity Expansion | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28757 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libext2fs2 | CVE-2022-1304 | HIGH | 1.46.2-2 | | e2fsprogs: out-of-bounds | | | | | | | read/write via crafted filesystem | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1304 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libfreetype-dev | CVE-2022-31782 | LOW | 2.10.4+dfsg-1+deb11u1 | | ftbench.c in FreeType Demo | | | | | | | Programs through 2.12.1 | | | | | | | has a heap-based bu ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-31782 | +------------------------------+ + + +------------------------------+ + | libfreetype6 | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | libfreetype6-dev | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libgcc-10-dev | CVE-2023-4039 | MEDIUM | 10.2.1-6 | | gcc: -fstack-protector | | | | | | | fails to guard dynamic | | | | | | | stack allocations on ARM64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4039 | +------------------------------+ + + +------------------------------+ + | libgcc-s1 | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | | libgcrypt: mishandles ElGamal | | | | | | | encryption because it lacks | | | | | | | exponent blinding to address a... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-2236 | MEDIUM | | | libgcrypt: vulnerable | | | | | | | to Marvin Attack | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2236 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | | | | | | | doesn't have semantic security due | | | | | | | to incorrectly encoded plaintexts... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libgdk-pixbuf-2.0-0 | CVE-2021-44648 | HIGH | 2.42.2+dfsg-1 | 2.42.2+dfsg-1+deb11u1 | gdk-pixbuf: heap-buffer overflow | | | | | | | when decoding the lzw compressed | | | | | | | stream of image data... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44648 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-46829 | | | | gdk-pixbuf: heap-based buffer | | | | | | | overflow when compositing or | | | | | | | clearing frames in GIF files... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46829 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48622 | | | | gnome: heap memory | | | | | | | corruption on gdk-pixbuf | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48622 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | libgdk-pixbuf-2.0-dev | CVE-2021-44648 | | | 2.42.2+dfsg-1+deb11u1 | gdk-pixbuf: heap-buffer overflow | | | | | | | when decoding the lzw compressed | | | | | | | stream of image data... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44648 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-46829 | | | | gdk-pixbuf: heap-based buffer | | | | | | | overflow when compositing or | | | | | | | clearing frames in GIF files... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46829 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48622 | | | | gnome: heap memory | | | | | | | corruption on gdk-pixbuf | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48622 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | libgdk-pixbuf2.0-bin | CVE-2021-44648 | | | 2.42.2+dfsg-1+deb11u1 | gdk-pixbuf: heap-buffer overflow | | | | | | | when decoding the lzw compressed | | | | | | | stream of image data... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44648 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-46829 | | | | gdk-pixbuf: heap-based buffer | | | | | | | overflow when compositing or | | | | | | | clearing frames in GIF files... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46829 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48622 | | | | gnome: heap memory | | | | | | | corruption on gdk-pixbuf | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48622 | +------------------------------+---------------------+ + +------------------------------+--------------------------------------------------------------------+ | libgdk-pixbuf2.0-common | CVE-2021-44648 | | | 2.42.2+dfsg-1+deb11u1 | gdk-pixbuf: heap-buffer overflow | | | | | | | when decoding the lzw compressed | | | | | | | stream of image data... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44648 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-46829 | | | | gdk-pixbuf: heap-based buffer | | | | | | | overflow when compositing or | | | | | | | clearing frames in GIF files... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46829 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-48622 | | | | gnome: heap memory | | | | | | | corruption on gdk-pixbuf | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48622 | +------------------------------+---------------------+ +-------------------------+------------------------------+--------------------------------------------------------------------+ | libglib2.0-0 | CVE-2023-29499 | | 2.66.8-1 | 2.66.8-1+deb11u1 | glib: GVariant offset table entry | | | | | | | size is not checked in is_normal() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29499 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2023-32611 | MEDIUM | | | glib: g_variant_byteswap() can take a | | | | | | | long time with some non-normal inputs | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32611 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-32665 | | | | glib: GVariant deserialisation does | | | | | | | not match spec for non-normal data | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32665 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2012-0039 | LOW | | | glib2: hash table | | | | | | | collisions CPU usage DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2012-0039 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libglib2.0-bin | CVE-2023-29499 | HIGH | | 2.66.8-1+deb11u1 | glib: GVariant offset table entry | | | | | | | size is not checked in is_normal() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29499 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2023-32611 | MEDIUM | | | glib: g_variant_byteswap() can take a | | | | | | | long time with some non-normal inputs | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32611 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-32665 | | | | glib: GVariant deserialisation does | | | | | | | not match spec for non-normal data | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32665 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2012-0039 | LOW | | | glib2: hash table | | | | | | | collisions CPU usage DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2012-0039 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libglib2.0-data | CVE-2023-29499 | HIGH | | 2.66.8-1+deb11u1 | glib: GVariant offset table entry | | | | | | | size is not checked in is_normal() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29499 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2023-32611 | MEDIUM | | | glib: g_variant_byteswap() can take a | | | | | | | long time with some non-normal inputs | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32611 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-32665 | | | | glib: GVariant deserialisation does | | | | | | | not match spec for non-normal data | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32665 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2012-0039 | LOW | | | glib2: hash table | | | | | | | collisions CPU usage DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2012-0039 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libglib2.0-dev | CVE-2023-29499 | HIGH | | 2.66.8-1+deb11u1 | glib: GVariant offset table entry | | | | | | | size is not checked in is_normal() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29499 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2023-32611 | MEDIUM | | | glib: g_variant_byteswap() can take a | | | | | | | long time with some non-normal inputs | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32611 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-32665 | | | | glib: GVariant deserialisation does | | | | | | | not match spec for non-normal data | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32665 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2012-0039 | LOW | | | glib2: hash table | | | | | | | collisions CPU usage DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2012-0039 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libglib2.0-dev-bin | CVE-2023-29499 | HIGH | | 2.66.8-1+deb11u1 | glib: GVariant offset table entry | | | | | | | size is not checked in is_normal() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29499 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2023-32611 | MEDIUM | | | glib: g_variant_byteswap() can take a | | | | | | | long time with some non-normal inputs | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32611 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-32665 | | | | glib: GVariant deserialisation does | | | | | | | not match spec for non-normal data | | | | | | | -->avd.aquasec.com/nvd/cve-2023-32665 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2012-0039 | LOW | | | glib2: hash table | | | | | | | collisions CPU usage DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2012-0039 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libgnutls30 | CVE-2022-2509 | HIGH | 3.7.1-5+deb11u1 | 3.7.1-5+deb11u2 | gnutls: Double free | | | | | | | during gnutls_pkcs7_verify | | | | | | | -->avd.aquasec.com/nvd/cve-2022-2509 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-0361 | | | 3.7.1-5+deb11u3 | gnutls: timing side-channel in | | | | | | | the TLS RSA key exchange code | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0361 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-0553 | | | | gnutls: incomplete | | | | | | | fix for CVE-2023-5981 | | | | | | | -->avd.aquasec.com/nvd/cve-2024-0553 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-0567 | | | | gnutls: rejects certificate | | | | | | | chain with distributed trust | | | | | | | -->avd.aquasec.com/nvd/cve-2024-0567 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-5981 | MEDIUM | | 3.7.1-5+deb11u4 | gnutls: timing side-channel | | | | | | | in the RSA-PSK authentication | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5981 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-28834 | | | | gnutls: vulnerable to Minerva | | | | | | | side-channel information leak | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28834 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-28835 | | | | gnutls: potential crash during | | | | | | | chain building/verification | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28835 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libgomp1 | CVE-2023-4039 | MEDIUM | 10.2.1-6 | | gcc: -fstack-protector | | | | | | | fails to guard dynamic | | | | | | | stack allocations on ARM64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4039 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libgssapi-krb5-2 | CVE-2022-42898 | HIGH | 1.18.3-6+deb11u1 | 1.18.3-6+deb11u3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-36054 | MEDIUM | | 1.18.3-6+deb11u4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-5709 | LOW | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libgssrpc4 | CVE-2022-42898 | HIGH | | 1.18.3-6+deb11u3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-36054 | MEDIUM | | 1.18.3-6+deb11u4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-5709 | LOW | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libharfbuzz0b | CVE-2023-25193 | HIGH | 2.7.4-1 | | harfbuzz: allows attackers to trigger | | | | | | | O(n^2) growth via consecutive marks | | | | | | | -->avd.aquasec.com/nvd/cve-2023-25193 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-33068 | MEDIUM | | | harfbuzz: integer overflow in the | | | | | | | component hb-ot-shape-fallback.cc | | | | | | | -->avd.aquasec.com/nvd/cve-2022-33068 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libheif1 | CVE-2023-0996 | HIGH | 1.11.0-1 | | There is a vulnerability | | | | | | | in the strided image | | | | | | | data parsing code in... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0996 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-49460 | | | | libheif v1.17.5 was | | | | | | | discovered to contain a | | | | | | | segmentation violation via ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-49460 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-49462 | | | | libheif v1.17.5 was | | | | | | | discovered to contain a | | | | | | | segmentation violation via ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-49462 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-49463 | | | | libheif v1.17.5 was | | | | | | | discovered to contain a | | | | | | | segmentation violation via ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-49463 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-49464 | | | | libheif v1.17.5 was | | | | | | | discovered to contain a | | | | | | | segmentation violation via ... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-49464 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-29659 | MEDIUM | | | A Segmentation fault | | | | | | | caused by a floating point | | | | | | | exception exists in li... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29659 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-25269 | LOW | | | libheif <= 1.17.6 contains a | | | | | | | memory leak in the function | | | | | | | JpegEncoder:: ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2024-25269 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libitm1 | CVE-2023-4039 | MEDIUM | 10.2.1-6 | | gcc: -fstack-protector | | | | | | | fails to guard dynamic | | | | | | | stack allocations on ARM64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4039 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libjbig-dev | CVE-2017-9937 | LOW | 2.1-3.1 | | libtiff: memory malloc failure | | | | | | | in tif_jbig.c could cause DOS. | | | | | | | -->avd.aquasec.com/nvd/cve-2017-9937 | +------------------------------+ + + +------------------------------+ + | libjbig0 | | | | | | | | | | | | | | | | | | | | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libjpeg-dev | CVE-2021-46822 | MEDIUM | 1:2.0.6-4 | | libjpeg-turbo: heap buffer overflow | | | | | | | in get_word_rgb_row() in rdppm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46822 | +------------------------------+ + + +------------------------------+ + | libjpeg62-turbo | | | | | | | | | | | | | | | | | | | | +------------------------------+ + + +------------------------------+ + | libjpeg62-turbo-dev | | | | | | | | | | | | | | | | | | | | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libk5crypto3 | CVE-2022-42898 | HIGH | 1.18.3-6+deb11u1 | 1.18.3-6+deb11u3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-36054 | MEDIUM | | 1.18.3-6+deb11u4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-5709 | LOW | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libkadm5clnt-mit12 | CVE-2022-42898 | HIGH | | 1.18.3-6+deb11u3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-36054 | MEDIUM | | 1.18.3-6+deb11u4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-5709 | LOW | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libkadm5srv-mit12 | CVE-2022-42898 | HIGH | | 1.18.3-6+deb11u3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-36054 | MEDIUM | | 1.18.3-6+deb11u4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-5709 | LOW | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libkdb5-10 | CVE-2022-42898 | HIGH | | 1.18.3-6+deb11u3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-36054 | MEDIUM | | 1.18.3-6+deb11u4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-5709 | LOW | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libkrb5-3 | CVE-2022-42898 | HIGH | | 1.18.3-6+deb11u3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-36054 | MEDIUM | | 1.18.3-6+deb11u4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-5709 | LOW | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libkrb5-dev | CVE-2022-42898 | HIGH | | 1.18.3-6+deb11u3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-36054 | MEDIUM | | 1.18.3-6+deb11u4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-5709 | LOW | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libkrb5support0 | CVE-2022-42898 | HIGH | | 1.18.3-6+deb11u3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-36054 | MEDIUM | | 1.18.3-6+deb11u4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-5709 | LOW | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libksba8 | CVE-2022-3515 | CRITICAL | 1.5.0-3 | 1.5.0-3+deb11u1 | libksba: integer overflow may | | | | | | | lead to remote code execution | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3515 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-47629 | | | 1.5.0-3+deb11u2 | libksba: integer overflow | | | | | | | to code execution | | | | | | | -->avd.aquasec.com/nvd/cve-2022-47629 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libldap-2.4-2 | CVE-2023-2953 | HIGH | 2.4.57+dfsg-3+deb11u1 | | openldap: null pointer dereference | | | | | | | in ber_memalloc_x function | | | | | | | -->avd.aquasec.com/nvd/cve-2023-2953 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2015-3276 | LOW | | | openldap: incorrect multi-keyword | | | | | | | mode cipherstring parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-14159 | | | | openldap: Privilege escalation | | | | | | | via PID file manipulation | | | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-17740 | | | | openldap: | | | | | | | contrib/slapd-modules/nops/nops.c | | | | | | | attempts to free stack buffer | | | | | | | allowing remote attackers to cause... | | | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2020-15719 | | | | openldap: Certificate | | | | | | | validation incorrectly | | | | | | | matches name against CN-ID | | | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | liblsan0 | CVE-2023-4039 | MEDIUM | 10.2.1-6 | | gcc: -fstack-protector | | | | | | | fails to guard dynamic | | | | | | | stack allocations on ARM64 | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4039 | +------------------------------+---------------------+ +-------------------------+------------------------------+--------------------------------------------------------------------+ | libmagic-mgc | CVE-2022-48554 | | 1:5.39-3 | 1:5.39-3+deb11u1 | file: stack-based buffer over-read | | | | | | | in file_copystr in funcs.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48554 | +------------------------------+ + + + + + | libmagic1 | | | | | | | | | | | | | | | | | | | | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libmagickcore-6-arch-config | CVE-2021-20309 | HIGH | 8:6.9.11.60+dfsg-1.3 | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libmagickcore-6-headers | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libmagickcore-6.q16-6 | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libmagickcore-6.q16-6-extra | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libmagickcore-6.q16-dev | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libmagickcore-dev | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libmagickwand-6-headers | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libmagickwand-6.q16-6 | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libmagickwand-6.q16-dev | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | libmagickwand-dev | CVE-2021-20309 | HIGH | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImagemMagick: Division | | | | | | | by zero in WaveImage() of | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20312 | | | | ImageMagick: Integer overflow | | | | | | | in WriteTHUMBNAILImage | | | | | | | of coders/thumbnail.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | | | | | | | the calculating signatures | | | | | | | in TransformSignatureof | | | | | | | MagickCore/signature.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3610 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ReadTIFFImage() in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3610 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-40211 | | | | ImageMagick: Division by zero | | | | | | | in ReadEnhMetaFile lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-40211 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1114 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: heap-use-after-free | | | | | | | in RelinquishDCMInfo of dcm.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1114 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-28463 | | | | ImageMagick: heap-buffer-overflow in | | | | | | | PushLongPixel() of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28463 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32545 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned char' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32545 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32546 | | | | ImageMagick: outside the range | | | | | | | of representable values of | | | | | | | type 'unsigned long' at... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32546 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-32547 | | | | ImageMagick: load of misaligned | | | | | | | address at MagickCore/property.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32547 | + +---------------------+----------+ + +--------------------------------------------------------------------+ | | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | | | | | | | WriteJP2Image() in coders/jp2.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20243 | | | | ImageMagick: Division by | | | | | | | zero in GetResizeFilterWeight | | | | | | | in MagickCore/resize.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20244 | | | | ImageMagick: Division by | | | | | | | zero in ImplodeImage in | | | | | | | MagickCore/visual-effects.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20245 | | | | ImageMagick: Division by zero | | | | | | | in WriteAnimatedWEBPImage() | | | | | | | in coders/webp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-20246 | | | | ImageMagick: Division by | | | | | | | zero in ScaleResampleFilter | | | | | | | in MagickCore/resample.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-4219 | | | | imagemagick: remote | | | | | | | DoS in MagicCore/draw.c | | | | | | | via crafted SVG file | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4219 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-1115 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: heap-buffer-overflow in | | | | | | | PushShortPixel of quantum-private.h | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1115 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-3213 | | | | ImageMagick: heap buffer | | | | | | | overflow while processing | | | | | | | a malformed TIFF file | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3213 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2022-44267 | | | 8:6.9.11.60+dfsg-1.3+deb11u1 | ImageMagick: Denial of Service | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44267 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-44268 | | | | ImageMagick: vulnerable | | | | | | | to Information Disclosure | | | | | | | when it parses a PNG image | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44268 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-1289 | | | 8:6.9.11.60+dfsg-1.3+deb11u3 | ImageMagick: Specially crafted | | | | | | | SVG leads to segmentation fault | | | | | | | and generate trash files... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1289 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-1906 | | | | ImageMagick: heap-based | | | | | | | buffer overflow in | | | | | | | ImportMultiSpectralQuantum() | | | | | | | in MagickCore/quantum-import.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1906 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-34151 | | | | ImageMagick: Undefined | | | | | | | behaviors of casting double | | | | | | | to size_t in svg, mvg and... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34151 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-3428 | | | | ImageMagick: heap-buffer-overflow | | | | | | | in coders/tiff.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3428 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2023-5341 | | | | ImageMagick: Heap | | | | | | | use-after-free in coders/bmp.c | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5341 | + +---------------------+----------+ +------------------------------+--------------------------------------------------------------------+ | | CVE-2005-0406 | LOW | | | A design flaw in image | | | | | | | processing software that | | | | | | | modifies JPEG images m... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | | | | | | | multiple crash or DoS issues | | | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | | | | | | | overflow in IsPixelMonochrome | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11754 | | | | ImageMagick: Memory leak | | | | | | | in WritePICONImage function | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-11755 | | | | ImageMagick: Memory leak in | | | | | | | WritePICONImage function via | | | | | | | mishandled AcquireSemaphoreInfo call | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2017-7275 | | | | ImageMagick: Memory allocation | | | | | | | failure in AcquireMagickMemory | | | | | | | (incomplete fix for CVE-2016-8866) | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | | | | | | | via crafted input file | | | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-20311 | | | | ImageMagick: Division by | | | | | | | zero in sRGBTransformImage() | | | | | | | in MagickCore/colorspace.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2021-3574 | | | 8:6.9.11.60+dfsg-1.3+deb11u2 | ImageMagick: memory leaks | | | | | | | with convert command | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3574 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2021-39212 | | | | ImageMagick: possible read | | | | | | | or write in postscript files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | + +---------------------+ + +------------------------------+--------------------------------------------------------------------+ | | CVE-2023-34152 | | | | ImageMagick: RCE (shell command | | | | | | | injection) vulnerability in OpenBlob | | | | | | | with --enable-pipes configured | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34152 | +------------------------------+---------------------+----------+-------------------------+------------------------------+--------------------------------------------------------------------+ | libmariadb-dev | CVE-2021-46669 | HIGH | 1:10.5.15-0+deb11u1 | 1:10.5.18-0+deb11u1 | mariadb: MariaDB through | | | | | | | 10.5.9 allows attackers to | | | | | | | trigger a convert_const_to_int | | | | | | | use-after-free when... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46669 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27376 | | | | mariadb: assertion failure | | | | | | | in Item_args::walk_arg | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27376 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27377 | | | | mariadb: use-after-poison | | | | | | | when complex conversion | | | | | | | is involved in blob | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27377 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27378 | | | | mariadb: server crash in | | | | | | | create_tmp_table::finalize | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27378 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27379 | | | | mariadb: server crash in component | | | | | | | arg_comparator::compare_real_fixed | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27379 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27380 | | | | mariadb: server crash | | | | | | | at my_decimal::operator= | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27380 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27381 | | | | mariadb: server crash at | | | | | | | Field::set_default via | | | | | | | specially crafted SQL statements | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27381 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27382 | | | | mariadb: assertion failure via component | | | | | | | Item_field::used_tables/update_depend_map_for_order | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27382 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27383 | | | | mariadb: use-after-poison | | | | | | | in my_strcasecmp_8bit() | | | | | | | of ctype-simple.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27383 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27384 | | | | mariadb: crash via component | | | | | | | Item_subselect::init_expr_cache_tracker | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27384 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27386 | | | | mariadb: server crashes in | | | | | | | query_arena::set_query_arena | | | | | | | upon SELECT from view | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27386 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27387 | | | | mariadb: assertion failures | | | | | | | in decimal_bin_size | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27387 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27444 | | | | mariadb: crash when using HAVING with | | | | | | | NOT EXIST predicate in an equality... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27444 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27445 | | | | mariadb: assertion failure | | | | | | | in compare_order_elements | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27445 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27446 | | | | mariadb: crash when using HAVING with | | | | | | | IS NULL predicate in an equality... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27446 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27447 | | | | mariadb: use-after-poison in | | | | | | | Binary_string::free_buffer | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27447 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27448 | | | | mariadb: crash in multi-update | | | | | | | and implicit grouping | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27448 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27449 | | | | mariadb: assertion failure | | | | | | | in sql/item_func.cc | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27449 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27451 | | | | mariadb: crash via window | | | | | | | function in expression in ORDER BY | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27451 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27452 | | | | mariadb: assertion failure | | | | | | | in sql/item_cmpfunc.cc | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27452 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27455 | | | | mariadb: use-after-free when | | | | | | | WHERE has subquery with an | | | | | | | outer reference in HAVING... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27455 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27456 | | | | mariadb: assertion failure in | | | | | | | VDec::VDec at /sql/sql_type.cc | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27456 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27457 | | | | mariadb: incorrect key in "dup | | | | | | | value" error after long unique | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27457 | + +---------------------+ + + +--------------------------------------------------------------------+ | | CVE-2022-27458 | | | | mariadb: use-after-poison in | | | | | | | Binary_string::free_buffer | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27458 | + +-------