NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2018-12699
• https://security.gentoo.org/glsa/201908-01
• https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
• https://sourceware.org/bugzilla/show_bug.cgi?id=23057
• http://www.securityfocus.com/bid/104540
• https://usn.ubuntu.com/4336-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12699

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

Remediation

There is no fixed version for Debian:10 glibc.

References

• https://security-tracker.debian.org/tracker/CVE-2019-1010022
• https://sourceware.org/bugzilla/show_bug.cgi?id=22850
• https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
• https://ubuntu.com/security/CVE-2019-1010022

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Remediation

There is no fixed version for Debian:10 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2023-34152
• https://access.redhat.com/security/cve/CVE-2023-34152
• https://bugzilla.redhat.com/show_bug.cgi?id=2210659
• https://github.com/ImageMagick/ImageMagick/issues/6339
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libseccomp package and not the libseccomp package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.

Remediation

There is no fixed version for Debian:10 libseccomp.

References

• https://security-tracker.debian.org/tracker/CVE-2019-9893
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893
• https://security.gentoo.org/glsa/201904-18
• https://github.com/seccomp/libseccomp/issues/139
• https://seclists.org/oss-sec/2019/q1/179
• https://access.redhat.com/errata/RHSA-2019:3624
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9893
• https://usn.ubuntu.com/4001-1/
• https://usn.ubuntu.com/4001-2/

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.

Remediation

There is no fixed version for Debian:10 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2018-7648
• https://github.com/kbabioch/openjpeg/commit/6d8c0c06ee32dc03ba80acd48334e98728e56cf5
• https://github.com/uclouvain/openjpeg/issues/1088
• https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

Remediation

There is no fixed version for Debian:10 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2017-17479
• https://github.com/uclouvain/openjpeg/issues/1044
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17479

NVD Description

Note: Versions mentioned in the description apply only to the upstream python2.7 package and not the python2.7 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Remediation

There is no fixed version for Debian:10 python2.7.

References

• https://security-tracker.debian.org/tracker/CVE-2020-27619
• https://security.netapp.com/advisory/ntap-20201123-0004/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
• https://bugs.python.org/issue41944
• https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8
• https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9
• https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33
• https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794
• https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
• https://security.gentoo.org/glsa/202402-04

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.7 package and not the python3.7 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Remediation

There is no fixed version for Debian:10 python3.7.

References

• https://security-tracker.debian.org/tracker/CVE-2020-27619
• https://security.netapp.com/advisory/ntap-20201123-0004/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
• https://bugs.python.org/issue41944
• https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8
• https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9
• https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33
• https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794
• https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
• https://security.gentoo.org/glsa/202402-04

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Remediation

There is no fixed version for Debian:10 sqlite3.

References

• https://security-tracker.debian.org/tracker/CVE-2020-11656
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
• https://security.gentoo.org/glsa/202007-26
• https://www3.sqlite.org/cgi/src/info/b64674919f673602
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.sqlite.org/src/info/d09f8c3621d5f7f8
• https://security.netapp.com/advisory/ntap-20200416-0001/
• https://www.tenable.com/security/tns-2021-14
• https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Remediation

There is no fixed version for Debian:10 tar.

References

• https://security-tracker.debian.org/tracker/CVE-2005-2541
• http://marc.info/?l=bugtraq&m=112327628230258&w=2
• https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
• https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

Remediation

There is no fixed version for Debian:10 tiff.

References

• https://security-tracker.debian.org/tracker/CVE-2017-9117
• http://bugzilla.maptools.org/show_bug.cgi?id=2690
• http://www.securityfocus.com/bid/98581
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9117
• https://usn.ubuntu.com/3606-1/

NVD Description

Note: Versions mentioned in the description apply only to the upstream unbound package and not the unbound package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Remediation

There is no fixed version for Debian:10 unbound.

References

• https://security-tracker.debian.org/tracker/CVE-2019-25034
• https://security.netapp.com/advisory/ntap-20210507-0007/
• https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
• https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream unbound package and not the unbound package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Remediation

There is no fixed version for Debian:10 unbound.

References

• https://security-tracker.debian.org/tracker/CVE-2019-25032
• https://security.netapp.com/advisory/ntap-20210507-0007/
• https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
• https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream unbound package and not the unbound package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Remediation

There is no fixed version for Debian:10 unbound.

References

• https://security-tracker.debian.org/tracker/CVE-2019-25038
• https://security.netapp.com/advisory/ntap-20210507-0007/
• https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
• https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream unbound package and not the unbound package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Remediation

There is no fixed version for Debian:10 unbound.

References

• https://security-tracker.debian.org/tracker/CVE-2019-25033
• https://security.netapp.com/advisory/ntap-20210507-0007/
• https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
• https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream unbound package and not the unbound package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Remediation

There is no fixed version for Debian:10 unbound.

References

• https://security-tracker.debian.org/tracker/CVE-2019-25039
• https://security.netapp.com/advisory/ntap-20210507-0007/
• https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
• https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream unbound package and not the unbound package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Remediation

There is no fixed version for Debian:10 unbound.

References

• https://security-tracker.debian.org/tracker/CVE-2019-25035
• https://security.netapp.com/advisory/ntap-20210507-0007/
• https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
• https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream unbound package and not the unbound package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Remediation

There is no fixed version for Debian:10 unbound.

References

• https://security-tracker.debian.org/tracker/CVE-2019-25042
• https://security.netapp.com/advisory/ntap-20210507-0007/
• https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
• https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2020-19726
• https://sourceware.org/bugzilla/show_bug.cgi?id=26240
• https://sourceware.org/bugzilla/show_bug.cgi?id=26241

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

Remediation

There is no fixed version for Debian:10 git.

References

• https://security-tracker.debian.org/tracker/CVE-2018-1000021
• http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

Remediation

There is no fixed version for Debian:10 glibc.

References

• https://security-tracker.debian.org/tracker/CVE-2019-1010023
• https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
• https://sourceware.org/bugzilla/show_bug.cgi?id=22851
• http://www.securityfocus.com/bid/109167
• https://ubuntu.com/security/CVE-2019-1010023
• https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.

Remediation

There is no fixed version for Debian:10 libheif.

References

• https://security-tracker.debian.org/tracker/CVE-2020-19498
• https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58
• https://github.com/strukturag/libheif/issues/139

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.

Remediation

There is no fixed version for Debian:10 libheif.

References

• https://security-tracker.debian.org/tracker/CVE-2020-19499
• https://github.com/strukturag/libheif/commit/f7399b62d7fbc596f1b2871578c1d2053bedf1dd
• https://github.com/strukturag/libheif/issues/138

NVD Description

Note: Versions mentioned in the description apply only to the upstream libjpeg-turbo package and not the libjpeg-turbo package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.

Remediation

There is no fixed version for Debian:10 libjpeg-turbo.

References

• https://security-tracker.debian.org/tracker/CVE-2020-17541
• https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
• https://cwe.mitre.org/data/definitions/121.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream libpng1.6 package and not the libpng1.6 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

Remediation

There is no fixed version for Debian:10 libpng1.6.

References

• https://security-tracker.debian.org/tracker/CVE-2018-14550
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550
• https://security.gentoo.org/glsa/201908-02
• https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
• https://github.com/glennrp/libpng/issues/246
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://security.netapp.com/advisory/ntap-20221028-0001/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libwmf package and not the libwmf package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Remediation

There is no fixed version for Debian:10 libwmf.

References

• https://security-tracker.debian.org/tracker/CVE-2009-3546
• http://marc.info/?l=oss-security&m=125562113503923&w=2
• http://svn.php.net/viewvc?view=revision&revision=289557
• http://www.vupen.com/english/advisories/2009/2929
• http://www.vupen.com/english/advisories/2009/2930
• http://www.openwall.com/lists/oss-security/2009/11/20/5
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199
• http://secunia.com/advisories/37069
• http://secunia.com/advisories/37080
• http://secunia.com/advisories/38055
• http://www.securityfocus.com/bid/36712
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:285
• http://www.redhat.com/support/errata/RHSA-2010-0003.html
• https://access.redhat.com/errata/RHSA-2010:0003
• https://access.redhat.com/errata/RHSA-2010:0040
• https://access.redhat.com/security/cve/CVE-2009-3546
• https://bugzilla.redhat.com/show_bug.cgi?id=529213

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

Remediation

There is no fixed version for Debian:10 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9580
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580
• https://security.gentoo.org/glsa/201710-26
• https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
• https://github.com/uclouvain/openjpeg/issues/871
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580
• http://www.securityfocus.com/bid/94822

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

Remediation

There is no fixed version for Debian:10 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9581
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581
• https://security.gentoo.org/glsa/201710-26
• https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
• https://github.com/uclouvain/openjpeg/issues/872
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581
• http://www.securityfocus.com/bid/94822

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

Remediation

There is no fixed version for Debian:10 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2018-16375
• https://github.com/uclouvain/openjpeg/issues/1126
• http://www.securityfocus.com/bid/105266
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16375

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

Remediation

There is no fixed version for Debian:10 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2018-16376
• https://github.com/uclouvain/openjpeg/issues/1127
• http://www.securityfocus.com/bid/105262
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16376

NVD Description

Note: Versions mentioned in the description apply only to the upstream python2.7 package and not the python2.7 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting

Remediation

There is no fixed version for Debian:10 python2.7.

References

• https://security-tracker.debian.org/tracker/CVE-2017-17522
• https://bugs.python.org/issue32367
• http://www.securityfocus.com/bid/102207

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.7 package and not the python3.7 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting

Remediation

There is no fixed version for Debian:10 python3.7.

References

• https://security-tracker.debian.org/tracker/CVE-2017-17522
• https://bugs.python.org/issue32367
• http://www.securityfocus.com/bid/102207

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

Remediation

There is no fixed version for Debian:10 tiff.

References

• https://security-tracker.debian.org/tracker/CVE-2017-5563
• https://security.gentoo.org/glsa/201709-27
• http://bugzilla.maptools.org/show_bug.cgi?id=2664
• http://www.securityfocus.com/bid/95705
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5563
• https://usn.ubuntu.com/3606-1/

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue

Remediation

There is no fixed version for Debian:10 tiff.

References

• https://security-tracker.debian.org/tracker/CVE-2017-17973
• http://bugzilla.maptools.org/show_bug.cgi?id=2769
• https://bugzilla.novell.com/show_bug.cgi?id=1074318
• https://bugzilla.redhat.com/show_bug.cgi?id=1530912
• http://www.securityfocus.com/bid/102331

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-defaults package and not the python-defaults package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.

Remediation

There is no fixed version for Debian:10 python-defaults.

References

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899
• https://security-tracker.debian.org/tracker/CVE-2008-4108
• http://marc.info/?l=oss-security&m=122148330903513&w=2
• http://marc.info/?l=oss-security&m=122152861617434&w=2
• http://securityreason.com/securityalert/4274
• http://www.vupen.com/english/advisories/2008/2659
• http://xforce.iss.net/xforce/xfdb/45161
• https://bugzilla.redhat.com/show_bug.cgi?id=462326
• http://www.securityfocus.com/bid/31184
• http://www.securitytracker.com/id?1020904
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45161

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.

Remediation

There is no fixed version for Debian:10 libheif.

References

• https://security-tracker.debian.org/tracker/CVE-2020-23109
• https://github.com/strukturag/libheif/issues/207

NVD Description

Note: Versions mentioned in the description apply only to the upstream lz4 package and not the lz4 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

Remediation

There is no fixed version for Debian:10 lz4.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543
• https://security-tracker.debian.org/tracker/CVE-2019-17543
• https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E
• https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E
• https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E
• https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E
• https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E
• https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2
• https://github.com/lz4/lz4/issues/801
• https://github.com/lz4/lz4/pull/756
• https://github.com/lz4/lz4/pull/760
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941
• https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26@%3Cissues.kudu.apache.org%3E
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://lists.apache.org/thread.html/543302d55e2d2da4311994e9b0debdc676bf3fd05e1a2be3407aa2d6@%3Cissues.arrow.apache.org%3E
• https://lists.apache.org/thread.html/r4068ba81066792f2b4d208b39c4c4713c5d4c79bd8cb6c1904af5720@%3Cissues.kudu.apache.org%3E
• https://lists.apache.org/thread.html/r7bc72200f94298bc9a0e35637f388deb53467ca4b2e2ad1ff66d8960@%3Cissues.kudu.apache.org%3E
• https://www.oracle.com//security-alerts/cpujul2021.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-17543
• https://security.netapp.com/advisory/ntap-20210723-0001/
• https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17%40%3Cissues.arrow.apache.org%3E
• https://lists.apache.org/thread.html/543302d55e2d2da4311994e9b0debdc676bf3fd05e1a2be3407aa2d6%40%3Cissues.arrow.apache.org%3E
• https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357%40%3Cissues.arrow.apache.org%3E
• https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3%40%3Cissues.arrow.apache.org%3E
• https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316%40%3Cissues.arrow.apache.org%3E
• https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3%40%3Cdev.arrow.apache.org%3E
• https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26%40%3Cissues.kudu.apache.org%3E
• https://lists.apache.org/thread.html/r4068ba81066792f2b4d208b39c4c4713c5d4c79bd8cb6c1904af5720%40%3Cissues.kudu.apache.org%3E
• https://lists.apache.org/thread.html/r7bc72200f94298bc9a0e35637f388deb53467ca4b2e2ad1ff66d8960%40%3Cissues.kudu.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

Remediation

There is no fixed version for Debian:10 perl.

References

• https://security-tracker.debian.org/tracker/CVE-2023-31484
• https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
• https://github.com/andk/cpanpm/pull/175
• https://metacpan.org/dist/CPAN/changes
• https://www.openwall.com/lists/oss-security/2023/04/18/14
• http://www.openwall.com/lists/oss-security/2023/04/29/1
• http://www.openwall.com/lists/oss-security/2023/05/03/3
• http://www.openwall.com/lists/oss-security/2023/05/03/5
• http://www.openwall.com/lists/oss-security/2023/05/07/2
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

Remediation

There is no fixed version for Debian:10 perl.

References

• https://security-tracker.debian.org/tracker/CVE-2023-31486
• https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
• https://hackeriet.github.io/cpan-http-tiny-overview/
• https://www.openwall.com/lists/oss-security/2023/04/18/14
• https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/
• http://www.openwall.com/lists/oss-security/2023/04/29/1
• http://www.openwall.com/lists/oss-security/2023/05/03/3
• http://www.openwall.com/lists/oss-security/2023/05/03/5
• https://www.openwall.com/lists/oss-security/2023/05/03/4
• http://www.openwall.com/lists/oss-security/2023/05/07/2
• https://github.com/chansen/p5-http-tiny/pull/153

NVD Description

Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

Remediation

There is no fixed version for Debian:10 bash.

References

• https://security-tracker.debian.org/tracker/CVE-2019-18276
• https://security.netapp.com/advisory/ntap-20200430-0003/
• https://security.gentoo.org/glsa/202105-34
• https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
• http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
• https://www.youtube.com/watch?v=-wGtxJ8opa8
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-18276
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
• https://www.exploit-db.com/exploits/47726

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2022-47695
• https://sourceware.org/bugzilla/show_bug.cgi?id=29846

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2022-47696
• https://sourceware.org/bugzilla/show_bug.cgi?id=29677

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2018-18483
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602
• https://sourceware.org/bugzilla/show_bug.cgi?id=23767
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
• http://www.securityfocus.com/bid/105689
• https://usn.ubuntu.com/4326-1/
• https://usn.ubuntu.com/4336-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18483

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2021-20294
• https://bugzilla.redhat.com/show_bug.cgi?id=1943533
• https://sourceware.org/bugzilla/show_bug.cgi?id=26929
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
• https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=372dd157272e0674d13372655cc60eaca9c06926
• https://security.gentoo.org/glsa/202208-30
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
• https://sourceware.org/git/?p=binutils-gdb.git%3Ba=patch%3Bh=372dd157272e0674d13372655cc60eaca9c06926

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2019-1010180
• https://security.gentoo.org/glsa/202003-31
• https://sourceware.org/bugzilla/show_bug.cgi?id=23657
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
• http://www.securityfocus.com/bid/109367
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-1010180

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2019-9070
• https://support.f5.com/csp/article/K13534168
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395
• https://sourceware.org/bugzilla/show_bug.cgi?id=24229
• https://security.netapp.com/advisory/ntap-20190314-0003/
• http://www.securityfocus.com/bid/107147
• https://usn.ubuntu.com/4326-1/
• https://usn.ubuntu.com/4336-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9070
• https://security.gentoo.org/glsa/202107-24

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2022-47673
• https://sourceware.org/bugzilla/show_bug.cgi?id=29876

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2021-45078
• https://sourceware.org/bugzilla/show_bug.cgi?id=28694
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/
• https://security.netapp.com/advisory/ntap-20220107-0002/
• https://security.gentoo.org/glsa/202208-30
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=161e87d12167b1e36193385485c1f6ce92f74f02

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2019-9075
• https://support.f5.com/csp/article/K42059040
• https://sourceware.org/bugzilla/show_bug.cgi?id=24236
• https://security.netapp.com/advisory/ntap-20190314-0003/
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html
• http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html
• https://usn.ubuntu.com/4336-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9075
• https://security.gentoo.org/glsa/202107-24

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2019-9077
• https://support.f5.com/csp/article/K00056379
• https://sourceware.org/bugzilla/show_bug.cgi?id=24243
• https://security.netapp.com/advisory/ntap-20190314-0003/
• http://www.securityfocus.com/bid/107139
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html
• http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html
• https://usn.ubuntu.com/4336-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9077
• https://security.gentoo.org/glsa/202107-24

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2018-1000876
• https://sourceware.org/bugzilla/show_bug.cgi?id=23994
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
• https://access.redhat.com/errata/RHSA-2019:2075
• http://www.securityfocus.com/bid/106304
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
• https://usn.ubuntu.com/4336-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000876
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2018-19931
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931
• https://security.gentoo.org/glsa/201908-01
• https://sourceware.org/bugzilla/show_bug.cgi?id=23942
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07
• https://security.netapp.com/advisory/ntap-20190221-0004/
• http://www.securityfocus.com/bid/106144
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
• https://usn.ubuntu.com/4336-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-19931
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5f60af5d24d181371d67534fa273dd221df20c07

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2023-1579
• https://sourceware.org/bugzilla/show_bug.cgi?id=29988
• https://security.netapp.com/advisory/ntap-20230511-0009/
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11d171f1910b508a81d21faa087ad1af573407d8
• https://security.gentoo.org/glsa/202309-15
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11d171f1910b508a81d21faa087ad1af573407d8

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2022-45703
• https://sourceware.org/bugzilla/show_bug.cgi?id=29799
• https://security.netapp.com/advisory/ntap-20231006-0003/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2022-44840
• https://sourceware.org/bugzilla/show_bug.cgi?id=29732

NVD Description

Note: Versions mentioned in the description apply only to the upstream e2fsprogs package and not the e2fsprogs package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Remediation

There is no fixed version for Debian:10 e2fsprogs.

References

• https://security-tracker.debian.org/tracker/CVE-2022-1304
• https://bugzilla.redhat.com/show_bug.cgi?id=2069726
• https://access.redhat.com/errata/RHSA-2022:7720
• https://access.redhat.com/errata/RHSA-2022:8361
• https://access.redhat.com/security/cve/CVE-2022-1304

NVD Description

Note: Versions mentioned in the description apply only to the upstream freetype package and not the freetype package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.

Remediation

There is no fixed version for Debian:10 freetype.

References

• https://security-tracker.debian.org/tracker/CVE-2022-31782
• https://gitlab.freedesktop.org/freetype/freetype-demos/-/issues/8

NVD Description

Note: Versions mentioned in the description apply only to the upstream gdk-pixbuf package and not the gdk-pixbuf package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

Remediation

There is no fixed version for Debian:10 gdk-pixbuf.

References

• https://security-tracker.debian.org/tracker/CVE-2022-48622
• https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can used to exploit a bug in config.c::git_config_copy_or_rename_section_in_file(). This bug can be used to inject arbitrary configuration into a user's $GIT_DIR/config when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as core.pager, core.editor, core.sshCommand, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running git submodule deinit on untrusted repositories or without prior inspection of any submodule sections in $GIT_DIR/config.

Remediation

There is no fixed version for Debian:10 git.

References

• https://security-tracker.debian.org/tracker/CVE-2023-29007
• https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt
• https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4
• https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/
• https://security.gentoo.org/glsa/202312-15

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented

Remediation

There is no fixed version for Debian:10 glib2.0.

References

• https://security-tracker.debian.org/tracker/CVE-2020-35457
• https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
• https://gitlab.gnome.org/GNOME/glib/-/issues/2197
• https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

Remediation

There is no fixed version for Debian:10 libheif.

References

• https://security-tracker.debian.org/tracker/CVE-2023-0996
• https://github.com/strukturag/libheif/pull/759
• https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

Remediation

There is no fixed version for Debian:10 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2021-3575
• https://bugzilla.redhat.com/show_bug.cgi?id=1957616
• https://github.com/uclouvain/openjpeg/issues/1347
• https://ubuntu.com/security/CVE-2021-3575
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/
• https://access.redhat.com/errata/RHSA-2021:4251
• https://access.redhat.com/security/cve/CVE-2021-3575
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

Remediation

There is no fixed version for Debian:10 openssh.

References

• https://security-tracker.debian.org/tracker/CVE-2019-16905
• https://www.openssh.com/releasenotes.html
• https://security.gentoo.org/glsa/201911-01
• https://0day.life/exploits/0day-1009.html
• https://bugzilla.suse.com/show_bug.cgi?id=1153537
• https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c
• https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h
• https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow
• https://security.netapp.com/advisory/ntap-20191024-0003/
• https://www.openwall.com/lists/oss-security/2019/10/09/1
• https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Remediation

There is no fixed version for Debian:10 openssh.

References

• https://security-tracker.debian.org/tracker/CVE-2020-15778
• https://security.netapp.com/advisory/ntap-20200731-0007/
• https://github.com/cpandya2909/CVE-2020-15778/
• https://news.ycombinator.com/item?id=25005567
• https://www.openssh.com/security.html
• https://github.com/cpandya2909/CVE-2020-15778#example
• https://security.gentoo.org/glsa/202212-06

NVD Description

Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

Remediation

There is no fixed version for Debian:10 pcre3.

References

• https://security-tracker.debian.org/tracker/CVE-2017-7245
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245
• https://security.gentoo.org/glsa/201710-25
• https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
• https://access.redhat.com/errata/RHSA-2018:2486
• http://www.securityfocus.com/bid/97067
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7245

NVD Description

Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

Remediation

There is no fixed version for Debian:10 pcre3.

References

• https://security-tracker.debian.org/tracker/CVE-2017-7246
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246
• https://security.gentoo.org/glsa/201710-25
• https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
• https://access.redhat.com/errata/RHSA-2018:2486
• http://www.securityfocus.com/bid/97067
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7246

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

CPAN 2.28 allows Signature Verification Bypass.

Remediation

There is no fixed version for Debian:10 perl.

References

• https://security-tracker.debian.org/tracker/CVE-2020-16156
• https://metacpan.org/pod/distribution/CPAN/scripts/cpan
• https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
• http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/

NVD Description

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).

Remediation

There is no fixed version for Debian:10 shadow.

References

• https://security-tracker.debian.org/tracker/CVE-2019-19882
• https://security.gentoo.org/glsa/202008-09
• https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75
• https://github.com/shadow-maint/shadow/pull/199
• https://github.com/void-linux/void-packages/pull/17580
• https://bugs.archlinux.org/task/64836
• https://bugs.gentoo.org/702252

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

Remediation

There is no fixed version for Debian:10 systemd.

References

• https://security-tracker.debian.org/tracker/CVE-2019-3843
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
• https://security.netapp.com/advisory/ntap-20190619-0002/
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843
• http://www.securityfocus.com/bid/108116
• https://usn.ubuntu.com/4269-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-3843
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

Remediation

There is no fixed version for Debian:10 systemd.

References

• https://security-tracker.debian.org/tracker/CVE-2019-3844
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
• https://security.netapp.com/advisory/ntap-20190619-0002/
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844
• http://www.securityfocus.com/bid/108096
• https://usn.ubuntu.com/4269-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-3844
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2018-12934
• https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453
• https://sourceware.org/bugzilla/show_bug.cgi?id=23059
• https://usn.ubuntu.com/4336-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12934
• https://usn.ubuntu.com/4326-1/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2018-12698
• https://security.gentoo.org/glsa/201908-01
• https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
• https://sourceware.org/bugzilla/show_bug.cgi?id=23057
• http://www.securityfocus.com/bid/104539
• https://usn.ubuntu.com/4326-1/
• https://usn.ubuntu.com/4336-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12698

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2020-35342
• https://sourceware.org/bugzilla/show_bug.cgi?id=25319
• https://security.netapp.com/advisory/ntap-20231006-0009/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2018-12697
• https://security.gentoo.org/glsa/201908-01
• https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
• https://sourceware.org/bugzilla/show_bug.cgi?id=23057
• https://access.redhat.com/errata/RHSA-2019:2075
• http://www.securityfocus.com/bid/104538
• https://usn.ubuntu.com/4326-1/
• https://usn.ubuntu.com/4336-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12697

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2021-46174
• https://sourceware.org/bugzilla/show_bug.cgi?id=28753

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Remediation

There is no fixed version for Debian:10 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2021-3530
• https://security.netapp.com/advisory/ntap-20210716-0006/
• https://bugzilla.redhat.com/show_bug.cgi?id=1956423
• https://src.fedoraproject.org/rpms/binutils/blob/rawhide/f/binutils-CVE-2021-3530.patch
• https://security.gentoo.org/glsa/202208-30

NVD Description

Note: Versions mentioned in the description apply only to the upstream gcc-8 package and not the gcc-8 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

Remediation

There is no fixed version for Debian:10 gcc-8.

References

• https://security-tracker.debian.org/tracker/CVE-2019-15847
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html
• http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using git apply with --reject when applying patches from an untrusted source. Use git apply --stat to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the *.rej file exists.

Remediation

There is no fixed version for Debian:10 git.

References

• https://security-tracker.debian.org/tracker/CVE-2023-25652
• https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902
• https://github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e
• https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
• http://www.openwall.com/lists/oss-security/2023/04/25/2
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BSXOGVVBJLYX26IAYX6PJSYQB36BREWH/
• https://security.gentoo.org/glsa/202312-15

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option.

Remediation

There is no fixed version for Debian:10 git.

References

• https://security-tracker.debian.org/tracker/CVE-2022-24975
• https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
• https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern

Remediation

There is no fixed version for Debian:10 glibc.

References

• https://security-tracker.debian.org/tracker/CVE-2019-9192
• https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
• https://sourceware.org/bugzilla/show_bug.cgi?id=24269
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192
• https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.

Remediation

There is no fixed version for Debian:10 glibc.

References

• https://security-tracker.debian.org/tracker/CVE-2018-20796
• https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
• https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
• https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
• https://security.netapp.com/advisory/ntap-20190315-0002/
• http://www.securityfocus.com/bid/107160
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796
• https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

Remediation

There is no fixed version for Debian:10 gnupg2.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855
• https://security-tracker.debian.org/tracker/CVE-2019-14855
• https://dev.gnupg.org/T4755
• https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html
• https://rwc.iacr.org/2020/slides/Leurent.pdf
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855
• https://usn.ubuntu.com/4516-1/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-14855

NVD Description

Note: Versions mentioned in the description apply only to the upstream harfbuzz package and not the harfbuzz package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Remediation

There is no fixed version for Debian:10 harfbuzz.

References

• https://security-tracker.debian.org/tracker/CVE-2023-25193
• https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361
• https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh
• https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/
• https://security.netapp.com/advisory/ntap-20230725-0006/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Remediation

There is no fixed version for Debian:10 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2021-20311
• https://bugzilla.redhat.com/show_bug.cgi?id=1946739

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Remediation

There is no fixed version for Debian:10 krb5.

References

• https://security-tracker.debian.org/tracker/CVE-2018-5709
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709
• https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5709
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Remediation

There is no fixed version for Debian:10 libgcrypt20.

References

• https://security-tracker.debian.org/tracker/CVE-2021-33560
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/
• https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61
• https://dev.gnupg.org/T5305
• https://dev.gnupg.org/T5328
• https://dev.gnupg.org/T5466
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://security.gentoo.org/glsa/202210-13
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Remediation

There is no fixed version for Debian:10 libgcrypt20.

References

• https://security-tracker.debian.org/tracker/CVE-2018-6829
• https://github.com/weikengchen/attack-on-libgcrypt-elgamal
• https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
• https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
• https://www.oracle.com/security-alerts/cpujan2020.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream libidn2 package and not the libidn2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.

Remediation

There is no fixed version for Debian:10 libidn2.

References

• https://security-tracker.debian.org/tracker/CVE-2019-12290
• https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFT76Y7OSGPZV3EBEHD6ISVUM3DLARM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXDKYWFV6N2HHVSE67FFDM7G3FEL2ZNE/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONG3GJRRJO35COPGVJXXSZLU4J5Y42AT/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSI4TI2JTQWQ3YEUX5X36GTVGKO4QKZ5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6ZXL2RDNQRAHCMKWPOMJFKYJ344X4HL/
• https://security.gentoo.org/glsa/202003-63
• https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5
• https://gitlab.com/libidn/libidn2/merge_requests/71
• http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html
• http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-12290
• https://usn.ubuntu.com/4168-1/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFT76Y7OSGPZV3EBEHD6ISVUM3DLARM/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KXDKYWFV6N2HHVSE67FFDM7G3FEL2ZNE/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONG3GJRRJO35COPGVJXXSZLU4J5Y42AT/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSI4TI2JTQWQ3YEUX5X36GTVGKO4QKZ5/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6ZXL2RDNQRAHCMKWPOMJFKYJ344X4HL/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libjpeg-turbo package and not the libjpeg-turbo package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

Remediation

There is no fixed version for Debian:10 libjpeg-turbo.

References

• https://security-tracker.debian.org/tracker/CVE-2018-11813
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813
• https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c
• https://bugs.gentoo.org/727908
• https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf
• http://www.ijg.org/files/jpegsrc.v9d.tar.gz
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
• https://access.redhat.com/errata/RHSA-2019:2052

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

Remediation

There is no fixed version for Debian:10 libxml2.

References

• https://security-tracker.debian.org/tracker/CVE-2017-16932
• https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
• https://bugzilla.gnome.org/show_bug.cgi?id=759579
• http://xmlsoft.org/news.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932
• https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
• https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16932
• https://usn.ubuntu.com/3739-1/
• https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

Remediation

There is no fixed version for Debian:10 libxml2.

References

• https://security-tracker.debian.org/tracker/CVE-2022-2309
• https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba
• https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f
• https://security.gentoo.org/glsa/202208-06
• https://security.netapp.com/advisory/ntap-20220915-0006/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Remediation

There is no fixed version for Debian:10 libxml2.

References

• https://security-tracker.debian.org/tracker/CVE-2024-25062
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
• https://gitlab.gnome.org/GNOME/libxml2/-/tags

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.

Remediation

There is no fixed version for Debian:10 openexr.

References

• https://security-tracker.debian.org/tracker/CVE-2021-20304
• https://access.redhat.com/security/cve/CVE-2021-20304
• https://github.com/AcademySoftwareFoundation/openexr/pull/849
• https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e
• https://bugzilla.redhat.com/show_bug.cgi?id=1939157
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229
• https://security.gentoo.org/glsa/202210-31

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

Remediation

There is no fixed version for Debian:10 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9114
• https://security.gentoo.org/glsa/201710-26
• https://github.com/uclouvain/openjpeg/issues/857
• http://www.securityfocus.com/bid/93979
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9114

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

Remediation

There is no fixed version for Debian:10 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9113
• https://security.gentoo.org/glsa/201710-26
• https://github.com/uclouvain/openjpeg/issues/856
• http://www.securityfocus.com/bid/93980
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9113

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

Remediation

There is no fixed version for Debian:10 openldap.

References

• https://security-tracker.debian.org/tracker/CVE-2015-3276
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1238322
• http://rhn.redhat.com/errata/RHSA-2015-2131.html
• http://www.securitytracker.com/id/1034221
• https://access.redhat.com/errata/RHSA-2015:2131
• https://access.redhat.com/security/cve/CVE-2015-3276

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Remediation

There is no fixed version for Debian:10 openldap.

References

• https://security-tracker.debian.org/tracker/CVE-2023-2953
• https://access.redhat.com/security/cve/CVE-2023-2953
• https://bugs.openldap.org/show_bug.cgi?id=9904
• https://security.netapp.com/advisory/ntap-20230703-0005/
• https://support.apple.com/kb/HT213843
• https://support.apple.com/kb/HT213844
• https://support.apple.com/kb/HT213845
• http://seclists.org/fulldisclosure/2023/Jul/47
• http://seclists.org/fulldisclosure/2023/Jul/48
• http://seclists.org/fulldisclosure/2023/Jul/52

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

Remediation

There is no fixed version for Debian:10 openldap.

References

• https://security-tracker.debian.org/tracker/CVE-2017-17740
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740
• http://www.openldap.org/its/index.cgi/Incoming?id=8759
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10365
• https://www.oracle.com/security-alerts/cpuapr2022.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances.

Remediation

There is no fixed version for Debian:10 openssh.

References

• https://security-tracker.debian.org/tracker/CVE-2020-12062
• https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1
• https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894
• https://www.openssh.com/txt/release-8.3
• https://www.openwall.com/lists/oss-security/2020/05/27/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

Remediation

There is no fixed version for Debian:10 patch.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952
• https://security-tracker.debian.org/tracker/CVE-2018-6952
• https://security.gentoo.org/glsa/201904-17
• https://savannah.gnu.org/bugs/index.php?53133
• https://access.redhat.com/errata/RHSA-2019:2033
• http://www.securityfocus.com/bid/103047
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

Remediation

There is no fixed version for Debian:10 patch.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6951
• https://security-tracker.debian.org/tracker/CVE-2018-6951
• https://security.gentoo.org/glsa/201904-17
• https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a
• https://savannah.gnu.org/bugs/index.php?53132
• http://www.securityfocus.com/bid/103044
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6951
• https://usn.ubuntu.com/3624-1/

NVD Description

Note: Versions mentioned in the description apply only to the upstream pcre2 package and not the pcre2 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.