Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-04 | CVE-2019-13283 | Out-of-bounds Read vulnerability in multiple products In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. | 7.8 |
| 2019-07-04 | CVE-2019-13282 | Out-of-bounds Read vulnerability in multiple products In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. | 7.8 |
| 2019-07-04 | CVE-2019-13281 | Out-of-bounds Write vulnerability in multiple products In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. | 7.8 |
| 2019-07-04 | CVE-2019-13226 | Link Following vulnerability in multiple products deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. | 7.0 |
| 2019-07-03 | CVE-2019-7165 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code. | 9.8 |
| 2019-07-01 | CVE-2019-13118 | Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | 5.3 |
| 2019-07-01 | CVE-2019-13117 | Use of Uninitialized Resource vulnerability in multiple products In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. | 5.3 |
| 2019-06-30 | CVE-2019-13114 | NULL Pointer Dereference vulnerability in multiple products http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. | 6.5 |
| 2019-06-30 | CVE-2019-13113 | Reachable Assertion vulnerability in multiple products Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | 6.5 |
| 2019-06-30 | CVE-2019-13112 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | 6.5 |