Opensuse : Security Vulnerabilities, CVEs, Published In 2019 CVSS score >= 3
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.
Max CVSS
7.8
EPSS Score
0.09%
Published
2019-07-24
Updated
2021-07-21
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
Max CVSS
7.8
EPSS Score
0.20%
Published
2019-07-15
Updated
2024-02-02
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
Max CVSS
6.5
EPSS Score
1.63%
Published
2019-02-04
Updated
2020-08-24
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.
Max CVSS
6.5
EPSS Score
0.33%
Published
2019-02-04
Updated
2019-11-06
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-12-30
Updated
2022-04-18
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-12-27
Updated
2022-01-01
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.
Max CVSS
6.5
EPSS Score
0.12%
Published
2019-12-27
Updated
2020-08-24
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
Max CVSS
8.8
EPSS Score
0.14%
Published
2019-12-27
Updated
2020-05-22
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.
Max CVSS
6.5
EPSS Score
0.14%
Published
2019-12-27
Updated
2020-08-24
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.
Max CVSS
6.5
EPSS Score
0.12%
Published
2019-12-27
Updated
2020-08-24
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
Max CVSS
8.8
EPSS Score
0.27%
Published
2019-12-27
Updated
2020-05-22
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
Max CVSS
8.8
EPSS Score
0.27%
Published
2019-12-27
Updated
2020-05-22
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.
Max CVSS
6.5
EPSS Score
0.12%
Published
2019-12-27
Updated
2020-08-24
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
Max CVSS
4.6
EPSS Score
0.09%
Published
2019-12-25
Updated
2022-12-20
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
Max CVSS
4.7
EPSS Score
0.06%
Published
2019-12-25
Updated
2022-03-31
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
Max CVSS
9.1
EPSS Score
0.31%
Published
2019-12-24
Updated
2022-10-31
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
Max CVSS
9.8
EPSS Score
1.21%
Published
2019-12-24
Updated
2022-10-31
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
Max CVSS
9.8
EPSS Score
0.71%
Published
2019-12-24
Updated
2022-10-31
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
Max CVSS
9.1
EPSS Score
0.33%
Published
2019-12-24
Updated
2022-10-31
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
Max CVSS
9.8
EPSS Score
0.93%
Published
2019-12-24
Updated
2022-10-31
In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.
Max CVSS
6.0
EPSS Score
0.09%
Published
2019-12-31
Updated
2020-05-14
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
Max CVSS
7.5
EPSS Score
1.38%
Published
2019-12-23
Updated
2022-04-15
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
Max CVSS
7.5
EPSS Score
1.06%
Published
2019-12-24
Updated
2022-04-15
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
Max CVSS
7.5
EPSS Score
1.06%
Published
2019-12-24
Updated
2022-04-15
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.
Max CVSS
7.8
EPSS Score
0.15%
Published
2019-12-20
Updated
2022-12-14