Opensuse: Security Vulnerabilities
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVSS Score: 7.5
EPSS Score: 0.01
Published: 2020-01-08
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2020-01-08
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
CVSS Score: 6.5
EPSS Score: 0.005
Published: 2020-01-08
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
CVSS Score: 6.5
EPSS Score: 0.006
Published: 2020-01-08
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
CVSS Score: 8.1
EPSS Score: 0.006
Published: 2020-01-08
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
CVSS Score: 8.1
EPSS Score: 0.006
Published: 2020-01-08
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
CVSS Score: 8.1
EPSS Score: 0.006
Published: 2020-01-08
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
CVSS Score: 6.5
EPSS Score: 0.007
Published: 2020-01-08
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2020-01-08
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
CVSS Score: 9.1
EPSS Score: 0.024
Published: 2020-01-08

