Created August 24, 2023 03:18
Notify CVE about a publication
[CVE ID]
CVE-2023-39741
[Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> the development group
>
> ------------------------------------------
>
> [Affected Product Code Base]
> lrzip - 0.651
>
> ------------------------------------------
>
> [Affected Component]
> lrzip 0.651
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> a crafted file
> [Suggested description]
> lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp.
> This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
> [CVE ID]
> CVE-2023-39742
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> the development group
>
> ------------------------------------------
>
> [Affected Product Code Base]
> giflib - 5.2.1
>
> ------------------------------------------
>
> [Affected Component]
> giflib
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> invalid args
>
> ------------------------------------------
>
> [Reference]
> https://sourceforge.net/p/giflib/bugs/166/
>
> ------------------------------------------
> [Suggested description]
> giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.
>
[CVE ID]
CVE-2023-39743
> ------------------------------------------
>
> [VulnerabilityType Other]
> Access Violation
>
> ------------------------------------------
>
> [Vendor of Product]
> the development group
>
> ------------------------------------------
>
> [Affected Product Code Base]
> lrzip-next - LZMA 23.01
>
> ------------------------------------------
>
> [Affected Component]
> lrzip-next
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> a crafted lrz file
>
> ------------------------------------------
>
> [Reference]
> https://github.com/huanglei3/lrzip-next-poc/tree/main
> https://github.com/pete4abw/lrzip-next/issues/132
>
> ------------------------------------------
> [Suggested description]
> lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.