Fedoraproject: >> Fedora >> 30 Security Vulnerabilities
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-01-13
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.029
Published
2020-01-10
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.074
Published
2020-01-10
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
CVSS Score
5.9
EPSS Score
0.006
Published
2020-01-09
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-08
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-01-05
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-01-03
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
CVSS Score
9.8
EPSS Score
0.013
Published
2020-01-03
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
CVSS Score
9.8
EPSS Score
0.017
Published
2020-01-03
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
CVSS Score
7.1
EPSS Score
0.006
Published
2020-01-03