Category Archives: Advisories

null pointer deference in tex-live via a crafted cmr10.pfb

Read Time:22 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A null pointer deference occurred in tex-live 944e257 via a crafted cmr10.pfb config file.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
tex-live

[Affected Product Code Base]
tex-live – 944e257

[Reference]
https://tug.org/pipermail/tex-live/2023-August/049400.html

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46048 to this…

Read More

null pointer deference in Sane via a crafted config file

Read Time:23 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A null pointer deference occurred in Sane v.1.2.1 via a crafted config file to the sanei_configure_attach() function.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
sane

[Affected Product Code Base]
sane – 1.2.1

[Reference]
https://gitlab.com/sane-project/backends/-/issues/708

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46047…

Read More

null pointer deference in MiniZinc via a crafted .mzn file

Read Time:21 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
Null pointer deference happens in MiniZinc v.2.7.6 via a crafted .mzn file.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
MiniZinc

[Affected Product Code Base]
MiniZinc – 2.7.6

[Reference]
https://github.com/MiniZinc/libminizinc/issues/730

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46046 to this
vulnerability.

Read More

Buffer Overflow in graphviz via via a crafted config6a file

Read Time:21 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote attacker to execute arbitrary code via a crafted
config6a file.

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
graphviz

[Affected Product Code Base]
graphviz – 2.43.0

[Reference]
https://gitlab.com/graphviz/graphviz/-/issues/2441

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name…

Read More

NULL pointer dereference in QT via the function QXcbConnection::initializeAllAtoms()

Read Time:22 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
QT v6.2, v6.5, and v6.6 was discovered to contain a NULL pointer dereference via the function
QXcbConnection::initializeAllAtoms().

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
qt

[Affected Product Code Base]
qt – 6.6, 6.5, 6.2

[Reference]
https://bugreports.qt.io/browse/QTBUG-115599

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name…

Read More

null pointer deference in nano via read_the_list()

Read Time:21 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
Nano v6.2 was discovered to contain a segmentation violation via the function read_the_list().

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
nano

[Affected Product Code Base]
nano – 6.2

[Reference]
https://savannah.gnu.org/bugs/index.php?64465

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45932 to this
vulnerability.

Read More

NULL pointer dereference in freedesktop Mesa via check_xshm()

Read Time:22 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function check_xshm().

[Vulnerability Type]
NULL pointer dereference

[Vendor of Product]
freedesktop

[Affected Product Code Base]
Mesa – 23.0.4

[Reference]
https://gitlab.freedesktop.org/mesa/mesa/-/issues/9859

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45931 to…

Read More

null pointer deference in gnome gtk via parse_settings() at xsettings-client.c

Read Time:20 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
gnome gtk ac60bc60 was discovered to contain a segmentation violation via the function parse_settings() at
xsettings-client.c.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
gnome

[Affected Product Code Base]
gtk – ac60bc60

[Reference]
https://gitlab.gnome.org/GNOME/gtk/-/issues/5983

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name…

Read More

SEGV in S-Lang via fixup_tgetstr()

Read Time:22 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
S-Lang v2.3.2 was discovered to contain a SEGV via the function fixup_tgetstr().

[VulnerabilityType Other]
SEGV

[Vendor of Product]
S-Lang

[Affected Product Code Base]
S-Lang – 2.3.2

[Reference]
http://lists.jedsoft.org/lists/slang-users/2023/0000002.html

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45929 to this
vulnerability.

Read More

null pointer deference in gnome gtk via init_randr15() at gdkscreen-x11.c

Read Time:20 Second

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
gnome gtk f2a28891 was discovered to contain a segmentation violation via the function init_randr15() at
gdkscreen-x11.c.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
gnome

[Affected Product Code Base]
gtk – f2a28891

[Reference]
https://gitlab.gnome.org/GNOME/gtk/-/issues/5984

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name…

Read More