A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
Category Archives: Advisories
CVE-2021-35939
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
libtar-1.2.20-25.fc35
FEDORA-2022-fe1a4e3cf0
Packages in this update:
libtar-1.2.20-25.fc35
Update description:
fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
libtar-1.2.20-25.fc36
FEDORA-2022-50e8a1b51d
Packages in this update:
libtar-1.2.20-25.fc36
Update description:
fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
libtar-1.2.20-25.fc37
FEDORA-2022-44a20bba43
Packages in this update:
libtar-1.2.20-25.fc37
Update description:
fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
CVE-2020-27796
A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27797
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27798
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27799
A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27800
A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.