Lines 58-63
Notes:
Link Here
|
58 |
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) |
58 |
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) |
59 |
--> |
59 |
--> |
60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
|
|
61 |
<vuln vid="040707f9-0b2a-11eb-8834-00155d01f202"> |
62 |
<topic>mozjpeg -- heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file</topic> |
63 |
<affects> |
64 |
<package> |
65 |
<name>mozjpeg</name> |
66 |
<range><lt>4.0.0</lt></range> |
67 |
</package> |
68 |
</affects> |
69 |
<description> |
70 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
71 |
<p>NIST reports:</p> |
72 |
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-13790"> |
73 |
<ul> |
74 |
<li>Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.</li> |
75 |
</ul> |
76 |
</blockquote> |
77 |
</body> |
78 |
</description> |
79 |
<references> |
80 |
<cvename>CVE-2020-13790</cvename> |
81 |
<url>https://nvd.nist.gov/vuln/detail/CVE-2020-13790</url> |
82 |
</references> |
83 |
<dates> |
84 |
<discovery>2020-06-03</discovery> |
85 |
<entry>2020-10-10</entry> |
86 |
</dates> |
87 |
</vuln> |
88 |
|
89 |
<vuln vid="23a667c7-0b28-11eb-8834-00155d01f202"> |
90 |
<topic>libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function.</topic> |
91 |
<affects> |
92 |
<package> |
93 |
<name>libjpeg-turbo</name> |
94 |
<range><lt>2.0.4</lt></range> |
95 |
</package> |
96 |
</affects> |
97 |
<description> |
98 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
99 |
<p>libjpeg-turbo releases reports:</p> |
100 |
<blockquote cite="https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.5"> |
101 |
<p>This release fixes the following security issue:</p> |
102 |
<ul> |
103 |
<li>Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.</li> |
104 |
</ul> |
105 |
</blockquote> |
106 |
</body> |
107 |
</description> |
108 |
<references> |
109 |
<cvename>CVE-2020-13790</cvename> |
110 |
<url>https://nvd.nist.gov/vuln/detail/CVE-2020-13790</url> |
111 |
</references> |
112 |
<dates> |
113 |
<discovery>2020-06-03</discovery> |
114 |
<entry>2020-10-10</entry> |
115 |
</dates> |
116 |
</vuln> |
117 |
|
61 |
<vuln vid="b07bdd3c-0809-11eb-a3a4-0019dbb15b3f"> |
118 |
<vuln vid="b07bdd3c-0809-11eb-a3a4-0019dbb15b3f"> |
62 |
<topic>Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra</topic> |
119 |
<topic>Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra</topic> |
63 |
<affects> |
120 |
<affects> |