Gnu: Security Vulnerabilities
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
CVSS Score
8.8
EPSS Score
0.013
Published
2021-07-01
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
CVSS Score
7.5
EPSS Score
0.024
Published
2021-06-02
A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.
CVSS Score
7.5
EPSS Score
0.013
Published
2021-05-28
An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
CVSS Score
7.1
EPSS Score
0.01
Published
2021-05-26
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
CVSS Score
9.8
EPSS Score
0.029
Published
2021-05-25
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
CVSS Score
5.5
EPSS Score
0.006
Published
2021-05-18
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
CVSS Score
5.5
EPSS Score
0.004
Published
2021-05-18
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
CVSS Score
8.8
EPSS Score
0.012
Published
2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.
CVSS Score
8.8
EPSS Score
0.012
Published
2021-05-17
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
CVSS Score
8.8
EPSS Score
0.012
Published
2021-05-17