

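--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,63 @@
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="040707f9-0b2a-11eb-8834-00155d01f202">
+    <topic>mozjpeg -- heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file</topic>
+    <affects>
+      <package>
+	<name>mozjpeg</name>
+	<range><lt>4.0.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>NIST reports:</p>
+	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-13790">
+	<ul>
+	   <li>Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.</li>
+	</ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2020-13790</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-13790</url>
+    </references>
+    <dates>
+      <discovery>2020-06-03</discovery>
+      <entry>2020-10-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="23a667c7-0b28-11eb-8834-00155d01f202">
+    <topic>libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function.</topic>
+    <affects>
+      <package>
+	<name>libjpeg-turbo</name>
+	<range><lt>2.0.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>libjpeg-turbo releases reports:</p>
+	<blockquote cite="https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.5">
+	  <p>This release fixes the following security issue:</p>
+	  <ul>
+	     <li>Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2020-13790</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-13790</url>
+    </references>
+    <dates>
+      <discovery>2020-06-03</discovery>
+      <entry>2020-10-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="b07bdd3c-0809-11eb-a3a4-0019dbb15b3f">
     <topic>Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra</topic>
     <affects>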
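Review bot: The libjpeg-turbo entry marks only versions below 2.0.4 as affected, yet its own blockquote cites the 2.0.5 release as the one that fixes the issue, so a 2.0.4 install would not be flagged by an audit against this file. If 2.0.5 is the first fixed release, the range should read `<range><lt>2.0.5</lt></range>`. The mozjpeg bound `<lt>4.0.0</lt>` deserves the same check against the cited NVD entry, because an exclusive bound placed on an affected release leaves that release unreported. The libjpeg-turbo topic (a buffer overrun in cjpeg, TJBench or tjLoadImage()) also does not match the quoted text, which describes the get_rgb_row() over-read; the two should be reconciled so the entry describes a single issue under CVE-2020-13790.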
