Attachment #218650 for bug #250190

View | Details | Raw Unified | Return to bug 250190 | Differences between
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="040707f9-0b2a-11eb-8834-00155d01f202">
    <topic>mozjpeg -- heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file</topic>
    <affects>
      <package>
	<name>mozjpeg</name>
	<range><lt>4.0.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NIST reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-13790">
	<ul>
	   <li>Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.</li>
	</ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-13790</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-13790</url>
    </references>
    <dates>
      <discovery>2020-06-03</discovery>
      <entry>2020-10-10</entry>
    </dates>
  </vuln>

  <vuln vid="23a667c7-0b28-11eb-8834-00155d01f202">
    <topic>libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function.</topic>
    <affects>
      <package>
	<name>libjpeg-turbo</name>
	<range><lt>2.0.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>libjpeg-turbo releases reports:</p>
	<blockquote cite="https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.5">
	  <p>This release fixes the following security issue:</p>
	  <ul>
	     <li>Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-13790</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-13790</url>
    </references>
    <dates>
      <discovery>2020-06-03</discovery>
      <entry>2020-10-10</entry>
    </dates>
  </vuln>

  <vuln vid="b07bdd3c-0809-11eb-a3a4-0019dbb15b3f">
    <topic>Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra</topic>
    <affects>

Return to bug 250190

Lines 58-63 Notes: Link Here

(-)b/security/vuxml/vuln.xml (+57 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="040707f9-0b2a-11eb-8834-00155d01f202">
		62	<topic>mozjpeg -- heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file</topic>
		63	<affects>
		64	<package>
		65	<name>mozjpeg</name>
		66	<range><lt>4.0.0</lt></range>
		67	</package>
		68	</affects>
		69	<description>
		70	<body xmlns="http://www.w3.org/1999/xhtml">
		71	<p>NIST reports:</p>
		72	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-13790">
		73	<ul>
		74	<li>Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.</li>
		75	</ul>
		76	</blockquote>
		77	</body>
		78	</description>
		79	<references>
		80	<cvename>CVE-2020-13790</cvename>
		81	<url>https://nvd.nist.gov/vuln/detail/CVE-2020-13790</url>
		82	</references>
		83	<dates>
		84	<discovery>2020-06-03</discovery>
		85	<entry>2020-10-10</entry>
		86	</dates>
		87	</vuln>
		88
		89	<vuln vid="23a667c7-0b28-11eb-8834-00155d01f202">
		90	<topic>libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function.</topic>
		91	<affects>
		92	<package>
		93	<name>libjpeg-turbo</name>
		94	<range><lt>2.0.4</lt></range>
		95	</package>
		96	</affects>
		97	<description>
		98	<body xmlns="http://www.w3.org/1999/xhtml">
		99	<p>libjpeg-turbo releases reports:</p>
		100	<blockquote cite="https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.5">
		101	<p>This release fixes the following security issue:</p>
		102	<ul>
		103	<li>Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.</li>
		104	</ul>
		105	</blockquote>
		106	</body>
		107	</description>
		108	<references>
		109	<cvename>CVE-2020-13790</cvename>
		110	<url>https://nvd.nist.gov/vuln/detail/CVE-2020-13790</url>
		111	</references>
		112	<dates>
		113	<discovery>2020-06-03</discovery>
		114	<entry>2020-10-10</entry>
		115	</dates>
		116	</vuln>
		117
61	<vuln vid="b07bdd3c-0809-11eb-a3a4-0019dbb15b3f">	118	<vuln vid="b07bdd3c-0809-11eb-a3a4-0019dbb15b3f">
62	<topic>Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra</topic>	119	<topic>Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra</topic>
63	<affects>	120	<affects>