Monthly Archives: January 2024
Buffer overflow in Sane
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A buffer overflow existed in Sane v.1.2.1 via a crafted config file to the init_options() function.
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
sane
[Affected Product Code Base]
sane – 1.2.1
[Reference]
https://gitlab.com/sane-project/backends/-/issues/709
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46052 to this
vulnerability.
null pointer dereference in tex-live
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A null pointer dereference existed in tex-live v.944e257 via a crafted file to the texk/web2c/pdftexdir/tounicode.c
function.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
tex-live
[Affected Product Code Base]
tex-live – 944e257
[Reference]
https://tug.org/pipermail/tex-live/2023-August/049406.html
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned…
null pointer dereference in MiniZinc via a crafted Preferences.json file
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A null pointer dereference existed in MiniZinc v.2.7.6 via a crafted Preferences.json file.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
MiniZinc
[Affected Product Code Base]
MiniZinc – 2.7.6
[Reference]
https://github.com/MiniZinc/libminizinc/issues/729
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46050 to this…
null pointer dereference in LLVM
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A null pointer dereference existed in LLVM v.15.0.0 via a crafted pdflatex.fmt file.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
llvm
[Affected Product Code Base]
llvm – LLVM-15
[Reference]
https://github.com/llvm/llvm-project/issues/67388
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46049 to this
vulnerability.
null pointer dereference in tex-live via a crafted cmr10.pfb
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A null pointer dereference occurred in tex-live 944e257 via a crafted cmr10.pfb config file.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
tex-live
[Affected Product Code Base]
tex-live – 944e257
[Reference]
https://tug.org/pipermail/tex-live/2023-August/049400.html
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46048 to this…
null pointer dereference in Sane via a crafted config file
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A null pointer dereference occurred in Sane v.1.2.1 via a crafted config file to the sanei_configure_attach() function.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
sane
[Affected Product Code Base]
sane – 1.2.1
[Reference]
https://gitlab.com/sane-project/backends/-/issues/708
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46047…
null pointer dereference in MiniZinc via a crafted .mzn file
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
Null pointer dereference happens in MiniZinc v.2.7.6 via a crafted .mzn file.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
MiniZinc
[Affected Product Code Base]
MiniZinc – 2.7.6
[Reference]
https://github.com/MiniZinc/libminizinc/issues/730
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46046 to this
vulnerability.
Buffer Overflow in graphviz via a crafted config6a file
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote attacker to execute arbitrary code via a crafted
config6a file.
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
graphviz
[Affected Product Code Base]
graphviz – 2.43.0
[Reference]
https://gitlab.com/graphviz/graphviz/-/issues/2441
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name…
NULL pointer dereference in QT via the function QXcbConnection::initializeAllAtoms()
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
QT v6.2, v6.5, and v6.6 were discovered to contain a NULL pointer dereference via the function
QXcbConnection::initializeAllAtoms().
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
qt
[Affected Product Code Base]
qt – 6.6, 6.5, 6.2
[Reference]
https://bugreports.qt.io/browse/QTBUG-115599
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name…