
Test ID: 1.3.6.1.4.1.25623.1.1.10.2020.0459
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2020-0459)
Summary: The remote host is missing an update for the 'sam2p' package(s) announced via the MGASA-2020-0459 advisory.
Description:
Summary:
The remote host is missing an update for the 'sam2p' package(s) announced via the MGASA-2020-0459 advisory.

Vulnerability Insight:
In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24
function of the file in_pcx.cpp. (CVE-2017-14628).

In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer
signedness error, leading to a crash when writing to an out-of-bounds array
element. (CVE-2017-14629).

In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function
of the file in_pcx.cpp, leading to an invalid write operation.
(CVE-2017-14630).

In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer
signedness error leading to a heap-based buffer overflow. (CVE-2017-14631).

Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff
times, ending with an invalid read of size 1 in the Image::Indexed::sortPal
function in image.cpp. However, this also causes memory corruption because
of an attempted write to the invalid d[0xfffffffe] array element.
(CVE-2017-14636).

In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function
in in_xpm.cpp. However, this can also cause a write to an illegal address.
(CVE-2017-14637).

In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer
overflows) in input-bmp.ci in the function ReadImage, because 'width * height'
multiplications occur unsafely. (CVE-2017-16663).

There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp
in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly
unspecified other impact. (CVE-2018-7487).

There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a
Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of
service or possibly unspecified other impact. (CVE-2018-7551).

There is a heap-based buffer overflow in the pcxLoadRaster function of
in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service
or possibly unspecified other impact. (CVE-2018-7553).

There is an invalid free in ReadImage in input-bmp.ci that leads to a
Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of
service or possibly unspecified other impact. (CVE-2018-7554).

There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp
in sam2p 0.49.4 that leads to a denial of service or possibly unspecified
other impact. (CVE-2018-12578).

There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p
0.49.4 that leads to a denial of service or possibly unspecified other impact.
(CVE-2018-12601).

Affected Software/OS:
'sam2p' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2017-14628
https://github.com/pts/sam2p/issues/14
Common Vulnerability Exposure (CVE) ID: CVE-2017-14629
Common Vulnerability Exposure (CVE) ID: CVE-2017-14630
Common Vulnerability Exposure (CVE) ID: CVE-2017-14631
Common Vulnerability Exposure (CVE) ID: CVE-2017-14636
Common Vulnerability Exposure (CVE) ID: CVE-2017-14637
Common Vulnerability Exposure (CVE) ID: CVE-2017-16663
https://lists.debian.org/debian-lts-announce/2017/11/msg00031.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-12578
https://github.com/pts/sam2p/issues/39
https://lists.debian.org/debian-lts-announce/2018/08/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-12601
https://github.com/pts/sam2p/issues/41
Common Vulnerability Exposure (CVE) ID: CVE-2018-7487
https://github.com/pts/sam2p/issues/18
https://lists.debian.org/debian-lts-announce/2018/04/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-7551
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891527
https://github.com/pts/sam2p/issues/28
Common Vulnerability Exposure (CVE) ID: CVE-2018-7553
https://github.com/pts/sam2p/issues/32
Common Vulnerability Exposure (CVE) ID: CVE-2018-7554
https://github.com/pts/sam2p/issues/29
Copyright: Copyright (C) 2022 Greenbone AG
