PT-2019-15841 · Gnome · Gnome Dia

Published: 2019-11-29 · Updated: 2022-10-07 · CVE-2019-19451

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNOME Dia versions prior to 2019-11-27

Description

When GNOME Dia is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop and keeps writing text to stdout. If Dia is launched from a thumbnailer service, this output can be written to disk via the system's logging facility, potentially with elevated privileges, which fills the disk and makes the system unavailable. The filename can be for a nonexistent file.

Recommendations

For versions prior to 2019-11-27, update to a version released after 2019-11-27 to resolve the issue.

Fix

Infinite Loop

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2915
ALT-PU-2020-2924
ALT-PU-2022-1933
CVE-2019-19451
MGASA-2020-0022
OPENSUSE-SU-2020:0021-1
OPENSUSE-SU-2020_0021-1
SUSE-SU-2019:3390-1
SUSE-SU-2019:3391-1
SUSE-SU-2019_3390-1

Affected Products

Alt Linux
Debian
Gnome Dia
Suse