Ren Kimura

#14264de 53,635
18.8CVSS total
Vulnerabilidades · 3
Média
2
Alta
1
PT-2019-13559
5.5
2019-07-24
Mpg321 · Mpg321 · CVE-2019-14247
**Name of the Vulnerable Software and Affected Versions** mpg321 version 0.3.2 **Description** The issue allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file, specifically through the `scan()` function in mad.c. **Recommendations** For mpg321 version 0.3.2, consider avoiding the use of the `scan()` function until a patch is available, or refrain from processing MP3 files with a zero bitrate to minimize the risk of exploitation.
PT-2019-2955
5.5
2019-06-18
Netwide · Netwide Assembler · CVE-2019-14248
**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) versions 2.14.xx **Description** The issue is related to a NULL pointer dereference in the libnasm.a component of the Netwide Assembler (NASM). This can be triggered when the "%pragma limit" is mishandled, specifically in the process pragma, search pragma list, and nasm set limit functions. Exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** For Netwide Assembler (NASM) versions 2.14.xx, consider avoiding the use of the "%pragma limit" directive until a patch is available. As a temporary workaround, restrict the use of the affected functions process pragma, search pragma list, and nasm set limit to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-6394
7.8
2019-06-18
Gnu · Gnu Binutils · CVE-2019-14250
**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.32 **Description** The issue is related to an integer overflow in the simple object elf match function of the libiberty component in simple-object-elf.c. This can lead to a heap-based buffer overflow. The exploitation of this issue allows a remote attacker to cause a denial of service. **Recommendations** For GNU Binutils version 2.32, consider updating to a newer version that contains a fix for this issue, as the current version is affected by an integer overflow in the `simple object elf match` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.