Security Vulnerabilities, CVEs, Published In March 2019 (Memory corruption)
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.
Max CVSS: 10.0 | EPSS Score: 0.43% | Published: 2019-03-29 | Updated: 2023-02-28
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
Max CVSS: 10.0 | EPSS Score: 7.12% | Published: 2019-03-27 | Updated: 2021-06-02
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
Max CVSS: 5.5 | EPSS Score: 0.07% | Published: 2019-03-25 | Updated: 2019-03-25
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
Max CVSS: 8.8 | EPSS Score: 0.99% | Published: 2019-03-24 | Updated: 2020-08-24
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
Max CVSS: 7.5 | EPSS Score: 4.59% | Published: 2019-03-22 | Updated: 2020-08-23
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Max CVSS: 7.5 | EPSS Score: 1.09% | Published: 2019-03-22 | Updated: 2021-06-29
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
Max CVSS: 6.5 | EPSS Score: 0.85% | Published: 2019-03-21 | Updated: 2023-02-11
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Max CVSS: 7.8 | EPSS Score: 0.07% | Published: 2019-03-21 | Updated: 2021-07-21
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Max CVSS: 7.8 | EPSS Score: 0.08% | Published: 2019-03-21 | Updated: 2021-07-21
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).
Max CVSS: 7.5 | EPSS Score: 0.65% | Published: 2019-03-14 | Updated: 2022-05-25
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).
Max CVSS: 7.5 | EPSS Score: 0.65% | Published: 2019-03-14 | Updated: 2022-05-25
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
Max CVSS: 7.5 | EPSS Score: 6.98% | Published: 2019-03-14 | Updated: 2022-05-25
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.
Max CVSS: 7.5 | EPSS Score: 11.45% | Published: 2019-03-14 | Updated: 2022-05-25
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.
Max CVSS: 7.5 | EPSS Score: 0.77% | Published: 2019-03-14 | Updated: 2022-05-25
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.
Max CVSS: 7.5 | EPSS Score: 0.32% | Published: 2019-03-14 | Updated: 2022-05-25
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file.
Max CVSS: 7.8 | EPSS Score: 3.99% | Published: 2019-03-14 | Updated: 2020-11-20
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file.
Max CVSS: 7.8 | EPSS Score: 0.41% | Published: 2019-03-14 | Updated: 2020-08-24
FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption.
Max CVSS: 9.8 | EPSS Score: 17.50% | Published: 2019-03-14 | Updated: 2021-07-21
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a 1-byte out-of-bounds write in the end_macro function in tccpp.c.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2019-03-13 | Updated: 2019-03-14
In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of the server (depending on the memory protection of the CPU and the operating system), or disclosure of memory content via error messages or a server response. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products."
Max CVSS: 9.4 | EPSS Score: 0.24% | Published: 2019-03-13 | Updated: 2019-03-15
In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2019-03-13 | Updated: 2019-03-14
In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.
Max CVSS: 7.8 | EPSS Score: 0.05% | Published: 2019-03-12 | Updated: 2020-08-24
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2019-03-12 | Updated: 2021-11-30
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
Max CVSS: 9.8 | EPSS Score: 0.35% | Published: 2019-03-11 | Updated: 2020-08-24
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.
Max CVSS: 8.8 | EPSS Score: 0.48% | Published: 2019-03-11 | Updated: 2023-01-20