Skip to content

GitLab

Open
Created by Administrator@rootMaintainer

Findings for Container Security, High, [TheRedHatter/javagoof:exploits/tomcat-rce/Dockerfile]:Out-of-bounds Write

Created by: armorcodegithubpreprod[bot]

Findings for Container Security, High, [TheRedHatter/javagoof:exploits/tomcat-rce/Dockerfile]:Out-of-bounds Write

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openjpeg2 package.

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openjpeg2 package.

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libde265 package.

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openjpeg2 package.

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream cairo package.

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active