Security Vulnerabilities - CVEs Published In August 2022
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-08-16
fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-16
XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-16
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-16
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-16
XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-08-16
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-16
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-16
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-16
OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0a32.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-08-16