GitLab

Created by: armorcodegithubpreprod[bot]

Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:NULL Pointer Dereference

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream tiff package.

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

References

• CVE Details
• Debian Security Tracker
• MISC
• MLIST
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libxkbcommon package.

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.

References

• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• MISC
• RHSA Security Advisory
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libxkbcommon package.

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.

References

• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• MISC
• RHSA Security Advisory
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libxkbcommon package.

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.

References

• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• MISC
• RHSA Security Advisory
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream cairo package.

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

References

• Debian Security Tracker
• https://bugs.freedesktop.org/show_bug.cgi?id=100763
• MLIST
• Oss-Sec Mailing List
• RedHat Bugzilla Bug
• Ubuntu CVE Tracker

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libxkbcommon package.

Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.

References

• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• MISC
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream tiff package.

LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.

References

• Debian Security Tracker
• MISC
• MLIST
• Ubuntu CVE Tracker

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.

References

• Debian Security Tracker
• RedHat Bugzilla Bug

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libxkbcommon package.

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.

References

• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• MISC
• RHSA Security Advisory
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libxkbcommon package.

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

References

• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• MISC
• RHSA Security Advisory
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libsndfile package.

An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.

References

• Debian Security Announcement
• Debian Security Tracker
• GitHub Issue
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libjpeg-turbo package.

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

References

• CVE Details
• Debian Security Tracker
• GitHub Issue
• GitHub PR
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream tar package.

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

References

• Debian Security Tracker
• MISC
• MISC
• MISC
• MLIST
• MLIST
• OpenSuse Security Announcement
• Ubuntu CVE Tracker

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libxkbcommon package.

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.

References

• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• MISC
• RHSA Security Advisory
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream gdk-pixbuf package.

gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.

References

• CVE Details
• Debian Security Tracker
• FEDORA
• FEDORA
• Gentoo Security Advisory
• http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
• https://bugzilla.gnome.org/show_bug.cgi?id=778204
• OSS security Advisory
• OSS security Advisory
• Security Focus
• Ubuntu CVE Tracker

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libxkbcommon package.

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.

References

• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• MISC
• RHSA Security Advisory
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---