Canonical: >> Ubuntu Linux >> 16.04 Security Vulnerabilities
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-05-31
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-05-30
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-05-30
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
CVSS Score
7.8
EPSS Score
0.397
Published
2018-05-30
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-05-29
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
CVSS Score
5.5
EPSS Score
0.015
Published
2018-05-28
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-05-28
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-05-26
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-05-25
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
CVSS Score
5.9
EPSS Score
0.112
Published
2018-05-24