NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

Remediation

There is no fixed version for Debian:13 glibc.

References

• https://security-tracker.debian.org/tracker/CVE-2019-1010022
• https://sourceware.org/bugzilla/show_bug.cgi?id=22850
• https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
• https://ubuntu.com/security/CVE-2019-1010022

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Remediation

There is no fixed version for Debian:13 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2023-34152
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
• https://access.redhat.com/security/cve/CVE-2023-34152
• https://bugzilla.redhat.com/show_bug.cgi?id=2210659
• https://github.com/ImageMagick/ImageMagick/issues/6339
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Remediation

There is no fixed version for Debian:13 tar.

References

• https://security-tracker.debian.org/tracker/CVE-2005-2541
• http://marc.info/?l=bugtraq&m=112327628230258&w=2
• https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
• https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

Remediation

There is no fixed version for Debian:13 glibc.

References

• https://security-tracker.debian.org/tracker/CVE-2019-1010023
• https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
• https://sourceware.org/bugzilla/show_bug.cgi?id=22851
• http://www.securityfocus.com/bid/109167
• https://ubuntu.com/security/CVE-2019-1010023
• https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream libwmf package and not the libwmf package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Remediation

There is no fixed version for Debian:13 libwmf.

References

• https://security-tracker.debian.org/tracker/CVE-2009-3546
• http://marc.info/?l=oss-security&m=125562113503923&w=2
• http://svn.php.net/viewvc?view=revision&revision=289557
• http://www.vupen.com/english/advisories/2009/2929
• http://www.vupen.com/english/advisories/2009/2930
• http://www.openwall.com/lists/oss-security/2009/11/20/5
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199
• http://secunia.com/advisories/37069
• http://secunia.com/advisories/37080
• http://secunia.com/advisories/38055
• http://www.securityfocus.com/bid/36712
• https://access.redhat.com/errata/RHSA-2010:0003
• https://access.redhat.com/errata/RHSA-2010:0040
• https://access.redhat.com/security/cve/CVE-2009-3546
• https://bugzilla.redhat.com/show_bug.cgi?id=529213
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:285
• http://www.redhat.com/support/errata/RHSA-2010-0003.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

Remediation

There is no fixed version for Debian:13 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9580
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580
• https://security.gentoo.org/glsa/201710-26
• https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
• https://github.com/uclouvain/openjpeg/issues/871
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580
• http://www.securityfocus.com/bid/94822

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

Remediation

There is no fixed version for Debian:13 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9581
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581
• https://security.gentoo.org/glsa/201710-26
• https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
• https://github.com/uclouvain/openjpeg/issues/872
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581
• http://www.securityfocus.com/bid/94822

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

Remediation

There is no fixed version for Debian:13 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2018-16376
• https://github.com/uclouvain/openjpeg/issues/1127
• http://www.securityfocus.com/bid/105262
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16376

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.

The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2023-44431
• https://www.zerodayinitiative.com/advisories/ZDI-23-1900/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2025-7546
• https://sourceware.org/bugzilla/attachment.cgi?id=16118
• https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b
• https://vuldb.com/?ctiid.316244
• https://vuldb.com/?id.316244
• https://vuldb.com/?submit.614375
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=33050

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2025-7545
• https://sourceware.org/bugzilla/attachment.cgi?id=16117
• https://sourceware.org/bugzilla/show_bug.cgi?id=33049
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944
• https://vuldb.com/?ctiid.316243
• https://vuldb.com/?id.316243
• https://vuldb.com/?submit.614355
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1

NVD Description

Note: Versions mentioned in the description apply only to the upstream tcl8.6 package and not the tcl8.6 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding

Remediation

There is no fixed version for Debian:13 tcl8.6.

References

• https://security-tracker.debian.org/tracker/CVE-2021-35331
• https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2
• https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280
• https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222
• https://sqlite.org/forum/info/7dcd751996c93ec9

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:13 tiff.

References

• https://security-tracker.debian.org/tracker/CVE-2025-8176
• http://www.libtiff.org/
• https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172
• https://gitlab.com/libtiff/libtiff/-/issues/707
• https://gitlab.com/libtiff/libtiff/-/merge_requests/727
• https://vuldb.com/?ctiid.317590
• https://vuldb.com/?id.317590
• https://vuldb.com/?submit.621796

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.

Remediation

There is no fixed version for Debian:13 tiff.

References

• https://security-tracker.debian.org/tracker/CVE-2025-8177
• http://www.libtiff.org/
• https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22
• https://gitlab.com/libtiff/libtiff/-/merge_requests/737
• https://vuldb.com/?ctiid.317591
• https://vuldb.com/?id.317591
• https://gitlab.com/libtiff/libtiff/-/issues/715
• https://vuldb.com/?submit.621797

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9917
• https://www.spinics.net/lists/linux-bluetooth/msg68892.html
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
• http://www.securityfocus.com/bid/95013
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9917

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9918
• https://www.spinics.net/lists/linux-bluetooth/msg68898.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html
• http://www.securityfocus.com/bid/95013
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9918

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.

Remediation

There is no fixed version for Debian:13 git.

References

• https://security-tracker.debian.org/tracker/CVE-2022-24975
• https://lore.kernel.org/git/xmqq4k14qe9g.fsf%40gitster.g/
• https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191
• https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/
• https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.

Remediation

There is no fixed version for Debian:13 glibc.

References

• https://security-tracker.debian.org/tracker/CVE-2018-20796
• https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
• https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
• https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
• https://security.netapp.com/advisory/ntap-20190315-0002/
• http://www.securityfocus.com/bid/107160
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796
• https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern

Remediation

There is no fixed version for Debian:13 glibc.

References

• https://security-tracker.debian.org/tracker/CVE-2019-9192
• https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
• https://sourceware.org/bugzilla/show_bug.cgi?id=24269
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192
• https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream jansson package and not the jansson package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification

Remediation

There is no fixed version for Debian:13 jansson.

References

• https://security-tracker.debian.org/tracker/CVE-2020-36325
• https://github.com/akheron/jansson/issues/548

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Remediation

There is no fixed version for Debian:13 krb5.

References

• https://security-tracker.debian.org/tracker/CVE-2018-5709
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709
• https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5709
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Remediation

There is no fixed version for Debian:13 libgcrypt20.

References

• https://security-tracker.debian.org/tracker/CVE-2018-6829
• https://github.com/weikengchen/attack-on-libgcrypt-elgamal
• https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
• https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
• https://www.oracle.com/security-alerts/cpujan2020.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

Remediation

There is no fixed version for Debian:13 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9114
• https://security.gentoo.org/glsa/201710-26
• https://github.com/uclouvain/openjpeg/issues/857
• http://www.securityfocus.com/bid/93979
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9114

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

Remediation

There is no fixed version for Debian:13 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9113
• https://security.gentoo.org/glsa/201710-26
• https://github.com/uclouvain/openjpeg/issues/856
• http://www.securityfocus.com/bid/93980
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9113

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

Remediation

There is no fixed version for Debian:13 openldap.

References

• https://security-tracker.debian.org/tracker/CVE-2015-3276
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1238322
• http://rhn.redhat.com/errata/RHSA-2015-2131.html
• http://www.securitytracker.com/id/1034221
• https://access.redhat.com/errata/RHSA-2015:2131
• https://access.redhat.com/security/cve/CVE-2015-3276

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

Remediation

There is no fixed version for Debian:13 openldap.

References

• https://security-tracker.debian.org/tracker/CVE-2017-17740
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740
• http://www.openldap.org/its/index.cgi/Incoming?id=8759
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10365
• https://www.oracle.com/security-alerts/cpuapr2022.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

Remediation

There is no fixed version for Debian:13 patch.

References

• https://security-tracker.debian.org/tracker/CVE-2018-6952
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952
• https://security.gentoo.org/glsa/201904-17
• https://savannah.gnu.org/bugs/index.php?53133
• https://access.redhat.com/errata/RHSA-2019:2033
• http://www.securityfocus.com/bid/103047
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

Remediation

There is no fixed version for Debian:13 patch.

References

• https://security-tracker.debian.org/tracker/CVE-2018-6951
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6951
• https://security.gentoo.org/glsa/201904-17
• https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a
• https://savannah.gnu.org/bugs/index.php?53132
• http://www.securityfocus.com/bid/103044
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6951
• https://usn.ubuntu.com/3624-1/

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

Remediation

There is no fixed version for Debian:13 tiff.

References

• https://security-tracker.debian.org/tracker/CVE-2017-16232
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232
• http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html
• http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html
• http://www.openwall.com/lists/oss-security/2017/11/01/11
• http://www.openwall.com/lists/oss-security/2017/11/01/3
• http://www.openwall.com/lists/oss-security/2017/11/01/7
• http://www.openwall.com/lists/oss-security/2017/11/01/8
• http://seclists.org/fulldisclosure/2018/Dec/32
• http://seclists.org/fulldisclosure/2018/Dec/47
• http://www.securityfocus.com/bid/101696

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Remediation

There is no fixed version for Debian:13 openssh.

References

• https://security-tracker.debian.org/tracker/CVE-2020-15778
• https://security.netapp.com/advisory/ntap-20200731-0007/
• https://github.com/cpandya2909/CVE-2020-15778/
• https://news.ycombinator.com/item?id=25005567
• https://www.openssh.com/security.html
• https://github.com/cpandya2909/CVE-2020-15778#example
• https://access.redhat.com/errata/RHSA-2024:3166
• https://security.gentoo.org/glsa/202212-06
• https://github.com/Neko-chanQwQ/CVE-2020-15778-Exploit

NVD Description

Note: Versions mentioned in the description apply only to the upstream m4 package and not the m4 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.

Remediation

There is no fixed version for Debian:13 m4.

References

• https://security-tracker.debian.org/tracker/CVE-2008-1687
• http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612
• http://www.vupen.com/english/advisories/2008/1151/references
• http://xforce.iss.net/xforce/xfdb/41706
• http://www.openwall.com/lists/oss-security/2008/04/07/1
• http://www.openwall.com/lists/oss-security/2008/04/07/12
• http://www.openwall.com/lists/oss-security/2008/04/07/3
• http://www.openwall.com/lists/oss-security/2008/04/07/4
• http://secunia.com/advisories/29671
• http://secunia.com/advisories/29729
• http://www.securityfocus.com/bid/28688
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41706

NVD Description

Note: Versions mentioned in the description apply only to the upstream m4 package and not the m4 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.

Remediation

There is no fixed version for Debian:13 m4.

References

• https://security-tracker.debian.org/tracker/CVE-2008-1688
• http://osvdb.org/44272
• http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612
• http://www.vupen.com/english/advisories/2008/1151/references
• http://xforce.iss.net/xforce/xfdb/41704
• http://www.openwall.com/lists/oss-security/2008/04/07/1
• http://www.openwall.com/lists/oss-security/2008/04/07/3
• http://secunia.com/advisories/29671
• http://secunia.com/advisories/29729
• http://www.securityfocus.com/bid/28688
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41704

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

Remediation

There is no fixed version for Debian:13 openssh.

References

• https://security-tracker.debian.org/tracker/CVE-2019-6110
• https://www.exploit-db.com/exploits/46193/
• https://security.gentoo.org/glsa/201903-16
• https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c
• https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
• https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
• https://security.netapp.com/advisory/ntap-20190213-0001/
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6110
• https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
• https://www.exploit-db.com/exploits/46516

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2018-20712
• https://support.f5.com/csp/article/K38336243
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
• https://sourceware.org/bugzilla/show_bug.cgi?id=24043
• http://www.securityfocus.com/bid/106563
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20712

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2021-32256
• https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070
• https://security.netapp.com/advisory/ntap-20230824-0013/

NVD Description

Note: Versions mentioned in the description apply only to the upstream cairo package and not the cairo package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

Remediation

There is no fixed version for Debian:13 cairo.

References

• https://security-tracker.debian.org/tracker/CVE-2018-18064
• https://gitlab.freedesktop.org/cairo/cairo/issues/341
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18064
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Remediation

There is no fixed version for Debian:13 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2017-11754
• https://github.com/ImageMagick/ImageMagick/issues/633

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Remediation

There is no fixed version for Debian:13 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2017-11755
• https://github.com/ImageMagick/ImageMagick/issues/634

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Remediation

There is no fixed version for Debian:13 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2018-15607
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15607
• https://github.com/ImageMagick/ImageMagick/issues/1255
• http://www.securityfocus.com/bid/105137
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15607
• https://usn.ubuntu.com/4034-1/

NVD Description

Note: Versions mentioned in the description apply only to the upstream jbigkit package and not the jbigkit package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

Remediation

There is no fixed version for Debian:13 jbigkit.

References

• https://security-tracker.debian.org/tracker/CVE-2017-9937
• http://bugzilla.maptools.org/show_bug.cgi?id=2707
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://www.securityfocus.com/bid/99304
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9937
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

Remediation

There is no fixed version for Debian:13 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2019-6988
• https://github.com/uclouvain/openjpeg/issues/1178
• http://www.securityfocus.com/bid/106785
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6988

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

Remediation

There is no fixed version for Debian:13 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-10505
• https://security.gentoo.org/glsa/201710-26
• https://github.com/uclouvain/openjpeg/issues/776
• https://github.com/uclouvain/openjpeg/issues/784
• https://github.com/uclouvain/openjpeg/issues/785
• https://github.com/uclouvain/openjpeg/issues/792

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Remediation

There is no fixed version for Debian:13 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9116
• https://security.gentoo.org/glsa/201710-26
• https://github.com/uclouvain/openjpeg/issues/859
• http://www.securityfocus.com/bid/93975
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9116

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Remediation

There is no fixed version for Debian:13 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9117
• https://security.gentoo.org/glsa/201710-26
• https://github.com/uclouvain/openjpeg/issues/860
• http://www.securityfocus.com/bid/93783
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9117

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Remediation

There is no fixed version for Debian:13 openjpeg2.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9115
• https://security.gentoo.org/glsa/201710-26
• https://github.com/uclouvain/openjpeg/issues/858
• http://www.securityfocus.com/bid/93977
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9115

NVD Description

Note: Versions mentioned in the description apply only to the upstream pixman package and not the pixman package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.

Remediation

There is no fixed version for Debian:13 pixman.

References

• https://security-tracker.debian.org/tracker/CVE-2023-37769
• https://gitlab.freedesktop.org/pixman/pixman/-/issues/76

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.

Remediation

There is no fixed version for Debian:13 tiff.

References

• https://security-tracker.debian.org/tracker/CVE-2022-1210
• https://gitlab.com/libtiff/libtiff/-/issues/402
• https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff
• https://security.gentoo.org/glsa/202210-10
• https://security.netapp.com/advisory/ntap-20220513-0005/
• https://vuldb.com/?id.196363

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

Remediation

There is no fixed version for Debian:13 tiff.

References

• https://security-tracker.debian.org/tracker/CVE-2018-10126
• http://bugzilla.maptools.org/show_bug.cgi?id=2786
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10126
• https://gitlab.com/libtiff/libtiff/-/issues/128
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream libwmf package and not the libwmf package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

Remediation

There is no fixed version for Debian:13 libwmf.

References

• https://security-tracker.debian.org/tracker/CVE-2007-3996
• http://www.debian.org/security/2008/dsa-1613
• http://security.gentoo.org/glsa/glsa-200712-13.xml
• http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
• http://bugs.gentoo.org/show_bug.cgi?id=201546
• http://securityreason.com/securityalert/3103
• http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/
• http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/
• https://issues.rpath.com/browse/RPL-1693
• https://issues.rpath.com/browse/RPL-1702
• http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
• https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
• http://www.php.net/ChangeLog-5.php#5.2.4
• http://www.php.net/releases/5_2_4.php
• http://www.trustix.org/errata/2007/0026/
• http://www.vupen.com/english/advisories/2007/3023
• http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11147
• http://rhn.redhat.com/errata/RHSA-2007-0889.html
• http://secunia.com/advisories/26642
• http://secunia.com/advisories/26822
• http://secunia.com/advisories/26838
• http://secunia.com/advisories/26871
• http://secunia.com/advisories/26895
• http://secunia.com/advisories/26930
• http://secunia.com/advisories/26967
• http://secunia.com/advisories/27102
• http://secunia.com/advisories/27351
• http://secunia.com/advisories/27377
• http://secunia.com/advisories/27545
• http://secunia.com/advisories/28009
• http://secunia.com/advisories/28147
• http://secunia.com/advisories/28658
• http://secunia.com/advisories/31168
• http://www.ubuntu.com/usn/usn-557-1
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36382
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36383
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
• http://www.redhat.com/support/errata/RHSA-2007-0888.html
• http://www.redhat.com/support/errata/RHSA-2007-0890.html
• http://www.redhat.com/support/errata/RHSA-2007-0891.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

Remediation

There is no fixed version for Debian:13 openssh.

References

• https://security-tracker.debian.org/tracker/CVE-2008-3234
• https://www.exploit-db.com/exploits/6094
• http://www.securityfocus.com/bid/30276
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44037

NVD Description

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

Remediation

There is no fixed version for Debian:13 shadow.

References

• https://security-tracker.debian.org/tracker/CVE-2007-5686
• http://www.securityfocus.com/archive/1/482129/100/100/threaded
• http://www.securityfocus.com/archive/1/482857/100/0/threaded
• https://issues.rpath.com/browse/RPL-1825
• http://secunia.com/advisories/27215
• http://www.securityfocus.com/bid/26048
• http://www.vupen.com/english/advisories/2007/3474

NVD Description

Note: Versions mentioned in the description apply only to the upstream wget package and not the wget package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Remediation

There is no fixed version for Debian:13 wget.

References

• https://security-tracker.debian.org/tracker/CVE-2021-31879
• https://security.netapp.com/advisory/ntap-20210618-0002/
• https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2025-1153
• https://sourceware.org/bugzilla/show_bug.cgi?id=32603
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150
• https://vuldb.com/?ctiid.295057
• https://vuldb.com/?id.295057
• https://vuldb.com/?submit.489991
• https://www.gnu.org/
• https://security.netapp.com/advisory/ntap-20250404-0005/

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

Remediation

There is no fixed version for Debian:13 openssh.

References

• https://security-tracker.debian.org/tracker/CVE-2020-14145
• https://security.netapp.com/advisory/ntap-20200709-0004/
• https://security.gentoo.org/glsa/202105-35
• https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d
• https://docs.ssh-mitm.at/CVE-2020-14145.html
• https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1
• https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py
• https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
• http://www.openwall.com/lists/oss-security/2020/12/02/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.

The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2023-51580
• https://www.zerodayinitiative.com/advisories/ZDI-23-1903/

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.

The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2023-51589
• https://www.zerodayinitiative.com/advisories/ZDI-23-1904/

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.

The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2023-51592
• https://www.zerodayinitiative.com/advisories/ZDI-23-1905/

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.

The specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2023-51594
• https://www.zerodayinitiative.com/advisories/ZDI-23-1901/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2025-1178
• https://sourceware.org/bugzilla/attachment.cgi?id=15914
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0
• https://vuldb.com/?ctiid.295081
• https://vuldb.com/?id.295081
• https://vuldb.com/?submit.495369
• https://www.gnu.org/
• https://security.netapp.com/advisory/ntap-20250411-0008/
• https://sourceware.org/bugzilla/show_bug.cgi?id=32638

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2017-13716
• https://sourceware.org/bugzilla/show_bug.cgi?id=22009
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13716

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2025-3198
• https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d
• https://vuldb.com/?ctiid.303151
• https://vuldb.com/?id.303151
• https://vuldb.com/?submit.545773
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=32716

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2018-20673
• https://sourceware.org/bugzilla/show_bug.cgi?id=24039
• http://www.securityfocus.com/bid/106454
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20673

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2018-9996
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
• http://www.securityfocus.com/bid/103733
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-9996

NVD Description

Note: Versions mentioned in the description apply only to the upstream cairo package and not the cairo package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

Remediation

There is no fixed version for Debian:13 cairo.

References

• https://security-tracker.debian.org/tracker/CVE-2017-7475
• https://bugs.freedesktop.org/show_bug.cgi?id=100763
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://seclists.org/oss-sec/2017/q2/151
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7475
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Remediation

There is no fixed version for Debian:13 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2005-0406
• http://seclists.org/lists/fulldisclosure/2005/Feb/0343.html
• http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Remediation

There is no fixed version for Debian:13 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2017-7275
• https://github.com/ImageMagick/ImageMagick/issues/271
• https://blogs.gentoo.org/ago/2017/03/27/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862-and-cve-2016-8866/
• http://www.securityfocus.com/bid/97166

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Remediation

There is no fixed version for Debian:13 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2016-8678
• https://github.com/ImageMagick/ImageMagick/issues/272
• http://www.openwall.com/lists/oss-security/2016/10/16/2
• http://www.openwall.com/lists/oss-security/2016/12/08/18
• https://bugzilla.redhat.com/show_bug.cgi?id=1385694
• http://www.securityfocus.com/bid/93599

NVD Description

Note: Versions mentioned in the description apply only to the upstream libpng1.6 package and not the libpng1.6 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

Remediation

There is no fixed version for Debian:13 libpng1.6.

References

• https://security-tracker.debian.org/tracker/CVE-2021-4214
• https://access.redhat.com/security/cve/CVE-2021-4214
• https://bugzilla.redhat.com/show_bug.cgi?id=2043393
• https://github.com/glennrp/libpng/issues/302
• https://security.netapp.com/advisory/ntap-20221020-0001/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libraw package and not the libraw package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way

Remediation

There is no fixed version for Debian:13 libraw.

References

• https://security-tracker.debian.org/tracker/CVE-2020-24890
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWHUZCRMGOC3QS6C65KWBM6ZJM25V6HI/
• https://security.gentoo.org/glsa/202010-05
• https://github.com/LibRaw/LibRaw/issues/335
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWHUZCRMGOC3QS6C65KWBM6ZJM25V6HI/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.

Remediation

There is no fixed version for Debian:13 libxml2.

References

• https://security-tracker.debian.org/tracker/CVE-2025-9714
• https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.

Remediation

There is no fixed version for Debian:13 openexr.

References

• https://security-tracker.debian.org/tracker/CVE-2025-48074
• https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-x22w-82jp-8rvf
• https://github.com/ShielderSec/poc/tree/main/CVE-2025-48074

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid

Remediation

There is no fixed version for Debian:13 openexr.

References

• https://security-tracker.debian.org/tracker/CVE-2017-14988
• https://github.com/openexr/openexr/issues/248
• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

Remediation

There is no fixed version for Debian:13 patch.

References

• https://security-tracker.debian.org/tracker/CVE-2021-45261
• https://savannah.gnu.org/bugs/?61685

NVD Description

Note: Versions mentioned in the description apply only to the upstream util-linux package and not the util-linux package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Remediation

There is no fixed version for Debian:13 util-linux.

References

• https://security-tracker.debian.org/tracker/CVE-2022-0563
• https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
• https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u
• https://security.gentoo.org/glsa/202401-08
• https://security.netapp.com/advisory/ntap-20220331-0002/

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.

Remediation

There is no fixed version for Debian:13 patch.

References

• https://security-tracker.debian.org/tracker/CVE-2010-4651
• http://support.apple.com/kb/HT4723
• http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html
• http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1
• http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html
• http://www.vupen.com/english/advisories/2011/0600
• http://openwall.com/lists/oss-security/2011/01/05/10
• http://openwall.com/lists/oss-security/2011/01/06/19
• http://openwall.com/lists/oss-security/2011/01/06/20
• http://openwall.com/lists/oss-security/2011/01/06/21
• https://bugzilla.redhat.com/show_bug.cgi?id=667529
• http://secunia.com/advisories/43663
• http://secunia.com/advisories/43677
• http://www.securityfocus.com/bid/46768
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-4651

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2025-5244
• https://sourceware.org/bugzilla/attachment.cgi?id=16010
• https://sourceware.org/bugzilla/show_bug.cgi?id=32858
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5
• https://vuldb.com/?ctiid.310346
• https://vuldb.com/?id.310346
• https://vuldb.com/?submit.584634
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2025-5245
• https://sourceware.org/bugzilla/attachment.cgi?id=16004
• https://sourceware.org/bugzilla/show_bug.cgi?id=32829
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a
• https://vuldb.com/?ctiid.310347
• https://vuldb.com/?id.310347
• https://vuldb.com/?submit.584635
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Remediation

There is no fixed version for Debian:13 binutils.

References

• https://security-tracker.debian.org/tracker/CVE-2025-1147
• https://sourceware.org/bugzilla/attachment.cgi?id=15881
• https://sourceware.org/bugzilla/show_bug.cgi?id=32556
• https://vuldb.com/?ctiid.295051
• https://vuldb.com/?id.295051
• https://www.gnu.org/
• https://security.netapp.com/advisory/ntap-20250404-0003/
• https://vuldb.com/?submit.485254

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9804
• https://www.spinics.net/lists/linux-bluetooth/msg68892.html
• http://www.securityfocus.com/bid/94652
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9804

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9799
• https://www.spinics.net/lists/linux-bluetooth/msg68898.html
• http://www.securityfocus.com/bid/94652
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9799

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9797
• https://www.spinics.net/lists/linux-bluetooth/msg68892.html
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
• http://www.securityfocus.com/bid/94652
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9797

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9802
• https://www.spinics.net/lists/linux-bluetooth/msg68898.html
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
• http://www.securityfocus.com/bid/94652
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9802

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9800
• https://www.spinics.net/lists/linux-bluetooth/msg68892.html
• http://www.securityfocus.com/bid/94652
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9800

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9801
• https://www.spinics.net/lists/linux-bluetooth/msg68892.html
• http://www.securityfocus.com/bid/94652
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9801

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9803
• https://www.spinics.net/lists/linux-bluetooth/msg68892.html
• http://www.securityfocus.com/bid/94652
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9803

NVD Description

Note: Versions mentioned in the description apply only to the upstream bluez package and not the bluez package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

Remediation

There is no fixed version for Debian:13 bluez.

References

• https://security-tracker.debian.org/tracker/CVE-2016-9798
• https://www.spinics.net/lists/linux-bluetooth/msg68892.html
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
• http://www.securityfocus.com/bid/94652
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9798

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:13 elfutils.

References

• https://security-tracker.debian.org/tracker/CVE-2025-1372
• https://sourceware.org/bugzilla/attachment.cgi?id=15927
• https://sourceware.org/bugzilla/show_bug.cgi?id=32656
• https://sourceware.org/bugzilla/show_bug.cgi?id=32656#c3
• https://sourceware.org/bugzilla/show_bug.cgi?id=32657
• https://vuldb.com/?ctiid.295981
• https://vuldb.com/?id.295981
• https://vuldb.com/?submit.496485
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:13 elfutils.

References

• https://security-tracker.debian.org/tracker/CVE-2025-1365
• https://sourceware.org/bugzilla/attachment.cgi?id=15925
• https://sourceware.org/bugzilla/show_bug.cgi?id=32654
• https://sourceware.org/bugzilla/show_bug.cgi?id=32654#c2
• https://vuldb.com/?ctiid.295977
• https://vuldb.com/?id.295977
• https://vuldb.com/?submit.496483
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

Remediation

There is no fixed version for Debian:13 glib2.0.

References

• https://security-tracker.debian.org/tracker/CVE-2012-0039
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044
• http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html
• http://openwall.com/lists/oss-security/2012/01/10/12
• https://bugzilla.redhat.com/show_bug.cgi?id=772720

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

Remediation

There is no fixed version for Debian:13 glibc.

References

• https://security-tracker.debian.org/tracker/CVE-2019-1010024
• https://support.f5.com/csp/article/K06046097
• https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
• https://sourceware.org/bugzilla/show_bug.cgi?id=22852
• http://www.securityfocus.com/bid/109162
• https://ubuntu.com/security/CVE-2019-1010024
• https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.

Remediation

There is no fixed version for Debian:13 glibc.

References

• https://security-tracker.debian.org/tracker/CVE-2019-1010025
• https://support.f5.com/csp/article/K06046097
• https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
• https://sourceware.org/bugzilla/show_bug.cgi?id=22853
• https://ubuntu.com/security/CVE-2019-1010025
• https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

Remediation

There is no fixed version for Debian:13 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2025-55160
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Remediation

There is no fixed version for Debian:13 imagemagick.

References

• https://security-tracker.debian.org/tracker/CVE-2008-3134
• http://sourceforge.net/forum/forum.php?forum_id=841176
• http://sourceforge.net/project/shownotes.php?release_id=610253
• http://www.vupen.com/english/advisories/2008/1984/references
• http://xforce.iss.net/xforce/xfdb/43511
• http://xforce.iss.net/xforce/xfdb/43513
• http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html
• http://secunia.com/advisories/30879
• http://secunia.com/advisories/32151
• http://www.securityfocus.com/bid/30055
• http://www.securitytracker.com/id?1020413
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43511
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43513

NVD Description

Note: Versions mentioned in the description apply only to the upstream libwmf package and not the libwmf package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.

Remediation

There is no fixed version for Debian:13 libwmf.

References

• https://security-tracker.debian.org/tracker/CVE-2007-3477
• http://www.securityfocus.com/archive/1/478796/100/0/threaded
• ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
• http://bugs.libgd.org/?do=details&task_id=74
• http://bugs.libgd.org/?do=details&task_id=92
• https://issues.rpath.com/browse/RPL-1643
• http://www.debian.org/security/2008/dsa-1613
• http://fedoranews.org/updates/FEDORA-2007-205.shtml
• http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
• http://security.gentoo.org/glsa/glsa-200708-05.xml
• http://security.gentoo.org/glsa/glsa-200711-34.xml
• http://security.gentoo.org/glsa/glsa-200805-13.xml
• http://www.libgd.org/ReleaseNote020035
• http://osvdb.org/42062
• https://bugzilla.redhat.com/show_bug.cgi?id=277421
• http://secunia.com/advisories/25860
• http://secunia.com/advisories/26272
• http://secunia.com/advisories/26390
• http://secunia.com/advisories/26415
• http://secunia.com/advisories/26467
• http://secunia.com/advisories/26663
• http://secunia.com/advisories/26766
• http://secunia.com/advisories/26856
• http://secunia.com/advisories/30168
• http://secunia.com/advisories/31168
• http://secunia.com/advisories/42813
• http://www.securityfocus.com/bid/24651
• http://www.novell.com/linux/security/advisories/2007_15_sr.html
• http://www.trustix.org/errata/2007/0024/
• http://www.vupen.com/english/advisories/2011/0022
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:164

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxslt package and not the libxslt package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

Remediation

There is no fixed version for Debian:13 libxslt.

References

• https://security-tracker.debian.org/tracker/CVE-2015-9019
• https://bugzilla.gnome.org/show_bug.cgi?id=758400
• https://bugzilla.suse.com/show_bug.cgi?id=934119
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-9019

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

Remediation

There is no fixed version for Debian:13 openssh.

References

• https://security-tracker.debian.org/tracker/CVE-2016-20012
• https://security.netapp.com/advisory/ntap-20211014-0005/
• https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265
• https://github.com/openssh/openssh-portable/pull/270
• https://rushter.com/blog/public-ssh-keys/
• https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak
• https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097
• https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185
• https://www.openwall.com/lists/oss-security/2018/08/24/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

Remediation

There is no fixed version for Debian:13 openssh.

References

• https://security-tracker.debian.org/tracker/CVE-2007-2243
• https://security.netapp.com/advisory/ntap-20191107-0003/
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html
• http://securityreason.com/securityalert/2631
• http://www.securityfocus.com/bid/23601
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33794
• http://www.osvdb.org/34600

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Remediation

There is no fixed version for Debian:13 openssh.

References

• https://security-tracker.debian.org/tracker/CVE-2018-15919
• https://security.netapp.com/advisory/ntap-20181221-0001/
• http://seclists.org/oss-sec/2018/q3/180
• http://www.securityfocus.com/bid/105163
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15919