Openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc_ in openvswitch-2.17.8/lib/util.c.

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability.

Mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.

Mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

Gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.

Gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.

Libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.