CVE-2019-19004

Beschreibung:
A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.

CWE: CWE-190

CVSS-Bewertung
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: LOW – 3.3 (Version: 3.1)

Links:

NVD – CVE-2019-19004
CVE – CVE-2019-19004

Link (max. 20) Quelle Tags
https://github.com/autotrace/autotrace/commits/master MISC Patch Third Party Advisory
https://github.com/autotrace/autotrace/commits/master/src/input-bmp.c MISC Patch Third Party Advisory Third Party Advisory
https://github.com/autotrace/autotrace/pull/40 CONFIRM Patch Third Party Advisory
FEDORA-2021-cb871c9e6c FEDORA Mailing List Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central MLIST Mailing List Vendor Advisory
[thrift-user] 20210224 Re: [SECURITY] CVE-2020-13949 Announcement MLIST Mailing List Vendor Advisory
[hbase-issues] 20210301 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Exploit Mailing List Vendor Advisory
[hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Exploit Mailing List Vendor Advisory
[hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210302 [GitHub] [hbase] Apache9 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210302 [GitHub] [hbase] pankaj72981 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210303 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210308 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory

Quelle: NVD – CVE-2019-19004
Datum Veröffentlichung: 2021-02-11T21:15Z, Datum letzte Änderung: 2021-05-10T03:15Z